<!DOCTYPE html>


  <html class="dark page-post">


<head><meta name="generator" content="Hexo 3.9.0">
  <meta charset="utf-8">
  
  <title>工作中常用的Nginx配置总结回顾 | Poetry&#39;s Blog</title>

  <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">

  
    <meta name="keywords" content="部署,Nginx,">
  

  <meta name="description" content="Nginx 配置文件在线生成: https://nginxconfig.io/  一、Nginx介绍 Nginx是一款面向性能设计的 HTTP 服务器，能反向代理 HTTP，HTTPS 和邮件相关(SMTP，POP3，IMAP)的协议链接。并且提供了负载均衡以及 HTTP 缓存。它的设计充分使用异步事件模型，削减上下文调度的开销，提高服务器并发能力。采用了模块化设计，提供了丰富模块的第三方模块。">
<meta name="keywords" content="部署,Nginx">
<meta property="og:type" content="article">
<meta property="og:title" content="工作中常用的Nginx配置总结回顾">
<meta property="og:url" content="http://blog.poetries.top/2018/11/20/nginx-config/index.html">
<meta property="og:site_name" content="Poetry&#39;s Blog">
<meta property="og:description" content="Nginx 配置文件在线生成: https://nginxconfig.io/  一、Nginx介绍 Nginx是一款面向性能设计的 HTTP 服务器，能反向代理 HTTP，HTTPS 和邮件相关(SMTP，POP3，IMAP)的协议链接。并且提供了负载均衡以及 HTTP 缓存。它的设计充分使用异步事件模型，削减上下文调度的开销，提高服务器并发能力。采用了模块化设计，提供了丰富模块的第三方模块。">
<meta property="og:locale" content="zh-Hans">
<meta property="og:image" content="https://upload-images.jianshu.io/upload_images/1480597-f6a3fd62b01d77f1.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240">
<meta property="og:updated_time" content="2020-08-15T04:25:31.926Z">
<meta name="twitter:card" content="summary">
<meta name="twitter:title" content="工作中常用的Nginx配置总结回顾">
<meta name="twitter:description" content="Nginx 配置文件在线生成: https://nginxconfig.io/  一、Nginx介绍 Nginx是一款面向性能设计的 HTTP 服务器，能反向代理 HTTP，HTTPS 和邮件相关(SMTP，POP3，IMAP)的协议链接。并且提供了负载均衡以及 HTTP 缓存。它的设计充分使用异步事件模型，削减上下文调度的开销，提高服务器并发能力。采用了模块化设计，提供了丰富模块的第三方模块。">
<meta name="twitter:image" content="https://upload-images.jianshu.io/upload_images/1480597-f6a3fd62b01d77f1.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240">

  

  
    <link rel="icon" href="/favicon.ico">
  

  <link href="/css/styles.css?v=c114cbeddx" rel="stylesheet">
<link href="/css/other.css?v=c114cbeddx" rel="stylesheet">


  
    <link rel="stylesheet" href="/css/personal-style.css">
  

  

  
  <script type="text/javascript">
    var _hmt = _hmt || [];
    (function() {
      var hm = document.createElement("script");
      hm.src = "//hm.baidu.com/hm.js?40b1f89aa80f2527b3db779c6898c879";
      var s = document.getElementsByTagName("script")[0];
      s.parentNode.insertBefore(hm, s);
    })();
  </script>


  
  <script type="text/javascript">
	(function(){
	    var bp = document.createElement('script');
	    var curProtocol = window.location.protocol.split(':')[0];
	    if (curProtocol === 'https') {
	        bp.src = 'https://zz.bdstatic.com/linksubmit/push.js';        
	    }
	    else {
	        bp.src = 'http://push.zhanzhang.baidu.com/push.js';
	    }
	    var s = document.getElementsByTagName("script")[0];
	    s.parentNode.insertBefore(bp, s);
	})();
  </script>



  
    <script async src="https://busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script>
    <link rel="stylesheet" href="//cdn.bootcss.com/font-awesome/4.3.0/css/font-awesome.min.css">
  

  <!-- 聊天系统 -->
  
    
   <link type="text/css" rel="stylesheet" href="/renxi/default.css">
   <style>
      #modal {
        position: static !important;
      }
      .filter {
        width: 100%;
        height: 100%;
        position: absolute;
        top: 0;
        left: 0;
        background: #fe5757;
        animation: colorChange 30s ease-in-out infinite;
        animation-fill-mode: both;
        mix-blend-mode: overlay;
      }
  
      @keyframes colorChange {
        0%, 100% {
            opacity: 0;
        }
        50% {
            opacity: .9;
        }
      }
   </style>
</head>
</html>
<body>
  
  
    <span id="toolbox-mobile" class="toolbox-mobile">导航</span>
  

  <div class="post-header CENTER">
   
  <div class="toolbox">
    <a class="toolbox-entry" href="/">
      <span class="toolbox-entry-text">导航</span>
      <i class="icon-angle-down"></i>
      <i class="icon-home"></i>
    </a>
    <ul class="list-toolbox">
      
        <li class="item-toolbox">
          <a
            class="CIRCLE"
            href="/archives/"
            rel="noopener noreferrer"
            target="_self"
            >
            博客
          </a>
        </li>
      
        <li class="item-toolbox">
          <a
            class="CIRCLE"
            href="/categories/"
            rel="noopener noreferrer"
            target="_self"
            >
            分类
          </a>
        </li>
      
        <li class="item-toolbox">
          <a
            class="CIRCLE"
            href="/tags/"
            rel="noopener noreferrer"
            target="_self"
            >
            标签
          </a>
        </li>
      
        <li class="item-toolbox">
          <a
            class="CIRCLE"
            href="/search/"
            rel="noopener noreferrer"
            target="_self"
            >
            搜索
          </a>
        </li>
      
        <li class="item-toolbox">
          <a
            class="CIRCLE"
            href="/link/"
            rel="noopener noreferrer"
            target="_self"
            >
            友链
          </a>
        </li>
      
        <li class="item-toolbox">
          <a
            class="CIRCLE"
            href="/about/"
            rel="noopener noreferrer"
            target="_self"
            >
            关于
          </a>
        </li>
      
    </ul>
  </div>


</div>


  <div id="toc" class="toc-article">
    <strong class="toc-title">文章目录<i class="iconfont toc-title" style="display:inline-block;color:#87998d;width:20px;height:20px;">&#xf004b;</i></strong>
    <ol class="toc"><li class="toc-item toc-level-2"><a class="toc-link" href="#一、Nginx介绍"><span class="toc-text">一、Nginx介绍</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#二、安装"><span class="toc-text">二、安装</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#2-1-安装依赖"><span class="toc-text">2.1 安装依赖</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#2-2-下载"><span class="toc-text">2.2 下载</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#2-3-编译安装"><span class="toc-text">2.3 编译安装</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#2-4-nginx测试"><span class="toc-text">2.4 nginx测试</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#2-5-设置全局nginx命令"><span class="toc-text">2.5 设置全局nginx命令</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#三、开机自启动"><span class="toc-text">三、开机自启动</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#四、运维"><span class="toc-text">四、运维</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#4-1-服务管理"><span class="toc-text">4.1 服务管理</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#4-2-重启服务防火墙报错解决"><span class="toc-text">4.2 重启服务防火墙报错解决</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#五、nginx卸载"><span class="toc-text">五、nginx卸载</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#六、参数说明"><span class="toc-text">六、参数说明</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#七、配置"><span class="toc-text">七、配置</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#7-1-常用正则"><span class="toc-text">7.1 常用正则</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#7-2-全局变量"><span class="toc-text">7.2 全局变量</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#7-3-符号参考"><span class="toc-text">7.3 符号参考</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#7-4-配置文件"><span class="toc-text">7.4 配置文件</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#7-5-内置预定义变量"><span class="toc-text">7.5 内置预定义变量</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#7-6-反向代理"><span class="toc-text">7.6 反向代理</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#7-7-负载均衡"><span class="toc-text">7.7 负载均衡</span></a><ol class="toc-child"><li class="toc-item toc-level-4"><a class="toc-link" href="#7-7-1-RR"><span class="toc-text">7.7.1 RR</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#7-7-2-权重"><span class="toc-text">7.7.2 权重</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#7-7-3-ip-hash"><span class="toc-text">7.7.3 ip_hash</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#7-7-4-fair"><span class="toc-text">7.7.4 fair</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#7-7-5-url-hash"><span class="toc-text">7.7.5 url_hash</span></a></li></ol></li><li class="toc-item toc-level-3"><a class="toc-link" href="#7-8-屏蔽ip"><span class="toc-text">7.8 屏蔽ip</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#八、第三方模块安装方法"><span class="toc-text">八、第三方模块安装方法</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#九、重定向"><span class="toc-text">九、重定向</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#9-1-重定向整个网站"><span class="toc-text">9.1 重定向整个网站</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#9-2-重定向单页"><span class="toc-text">9.2 重定向单页</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#9-3-重定向整个子路径"><span class="toc-text">9.3 重定向整个子路径</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#十、性能"><span class="toc-text">十、性能</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#10-1-内容缓存"><span class="toc-text">10.1 内容缓存</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#10-2-Gzip压缩"><span class="toc-text">10.2 Gzip压缩</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#10-3-打开文件缓存"><span class="toc-text">10.3 打开文件缓存</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#10-4-SSL缓存"><span class="toc-text">10.4 SSL缓存</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#10-5-上游Keepalive"><span class="toc-text">10.5 上游Keepalive</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#10-6-监控"><span class="toc-text">10.6 监控</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#十一、常见使用场景"><span class="toc-text">十一、常见使用场景</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#11-1-跨域问题"><span class="toc-text">11.1 跨域问题</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#11-2-跳转到带www的域上面"><span class="toc-text">11.2 跳转到带www的域上面</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#11-3-代理转发"><span class="toc-text">11.3 代理转发</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#11-4-代理转发连接替换"><span class="toc-text">11.4 代理转发连接替换</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#11-5-ssl配置"><span class="toc-text">11.5 ssl配置</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#11-6-强制将http重定向到https"><span class="toc-text">11.6 强制将http重定向到https</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#11-7-两个虚拟主机"><span class="toc-text">11.7 两个虚拟主机</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#11-8-虚拟主机标准配置"><span class="toc-text">11.8 虚拟主机标准配置</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#11-9-防盗链"><span class="toc-text">11.9 防盗链</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#11-10虚拟目录配置"><span class="toc-text">11.10虚拟目录配置</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#11-11-防盗图配置"><span class="toc-text">11.11 防盗图配置</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#11-12-屏蔽-git等文件"><span class="toc-text">11.12 屏蔽.git等文件</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#11-13-域名路径加不加需要都能正常访问"><span class="toc-text">11.13 域名路径加不加需要都能正常访问</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#十二、错误问题"><span class="toc-text">十二、错误问题</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#十三、Nginx思维导图"><span class="toc-text">十三、Nginx思维导图</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#十四、精品文章参考"><span class="toc-text">十四、精品文章参考</span></a></li></ol>
  </div>
  




<div class="content content-post CENTER">
   <!-- canvas 彩带 -->
<canvas id="evanyou" width="1302" height="678" style="position: fixed;width: 100%;height: 100%;top: 0;left:0;z-index:-1;"></canvas>

<article id="post-nginx-config" class="article article-type-post" itemprop="blogPost">
  <header class="article-header" style="position:relative;">
    <h1 class="post-title">工作中常用的Nginx配置总结回顾</h1>

    <div class="article-meta">
      <span>
        <i class="icon-calendar"></i>
        <span>2018.11.20</span>
      </span>

      
        <span class="article-author">
          <i class="icon-user"></i>
          <span>Poetry</span>
        </span>
      

      
  <span class="article-category">
    <i class="icon-list"></i>
    <a class="article-category-link" href="/categories/Back-end/">Back-end</a>
  </span>



      

      
      <i class="fa fa-eye"></i> 
        <span id="busuanzi_container_page_pv">
           &nbsp热度 <span id="busuanzi_value_page_pv">
           <i class="fa fa-spinner fa-spin"></i></span>℃
        </span>
      
      
       
          <span class="post-count">
            <i class="fa fa-file-word-o"></i>&nbsp
            <span>字数统计 9.4k字</span>
          </span>

          <span class="post-count">
            <i class="fa fa-columns"></i>&nbsp
            <span>阅读时长 40分</span>
          </span>
      
      
    </div>

    <i class="iconfont" id="toc-eye" style="display:inline-block;color:#b36619;position:absolute;top:0;right:0;cursor:pointer;
    font-size: 24px;">&#xe61c;</i>

  </header>

  <div class="article-content">
    
      <div id="container">
        <blockquote>
<p>Nginx 配置文件在线生成: <a href="https://nginxconfig.io/" target="_blank" rel="noopener">https://nginxconfig.io/</a></p>
</blockquote>
<h2 id="一、Nginx介绍"><a href="#一、Nginx介绍" class="headerlink" title="一、Nginx介绍"></a>一、Nginx介绍</h2><blockquote>
<p><code>Nginx</code>是一款面向性能设计的 <code>HTTP</code> 服务器，能反向代理 <code>HTTP</code>，<code>HTTPS</code> 和邮件相关(<code>SMTP</code>，<code>POP3</code>，<code>IMAP</code>)的协议链接。并且提供了负载均衡以及 <code>HTTP</code> 缓存。它的设计充分使用异步事件模型，削减上下文调度的开销，提高服务器并发能力。采用了模块化设计，提供了丰富模块的第三方模块。</p>
</blockquote>
<p>所以关于 <code>Nginx</code>，有这些标签：「异步」「事件」「模块化」「高性能」「高并发」「反向代理」「负载均衡」</p>
<ul>
<li><code>Linux</code>系统：<code>Centos 7 x64</code></li>
<li><code>Nginx</code>版本：<code>1.11.5</code></li>
</ul>
<h2 id="二、安装"><a href="#二、安装" class="headerlink" title="二、安装"></a>二、安装</h2><h3 id="2-1-安装依赖"><a href="#2-1-安装依赖" class="headerlink" title="2.1 安装依赖"></a>2.1 安装依赖</h3><blockquote>
<p><code>prce</code>(重定向支持)和<code>openssl</code>(<code>https</code>支持，如果不需要<code>https</code>可以不安装。)</p>
</blockquote>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line">yum install -y pcre-devel </span><br><span class="line">yum -y install gcc make gcc-c++ wget</span><br><span class="line">yum -y install openssl openssl-devel</span><br></pre></td></tr></table></figure>
<blockquote>
<p><code>CentOS 6.5</code> 我安装的时候是选择的“基本服务器”，默认这两个包都没安装全，所以这两个都运行安装即可。</p>
</blockquote>
<h3 id="2-2-下载"><a href="#2-2-下载" class="headerlink" title="2.2 下载"></a>2.2 下载</h3><p><a href="http://nginx.org/download/" target="_blank" rel="noopener">nginx的所有版本在这里</a></p>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line">wget http://nginx.org/download/nginx-1.13.3.tar.gz</span><br><span class="line">wget http://nginx.org/download/nginx-1.13.7.tar.gz</span><br><span class="line"></span><br><span class="line"><span class="comment"># 如果没有安装wget</span></span><br><span class="line"><span class="comment"># 下载已编译版本</span></span><br><span class="line">$ yum install wget</span><br><span class="line"></span><br><span class="line"><span class="comment"># 解压压缩包</span></span><br><span class="line">tar zxf nginx-1.13.3.tar.gz</span><br></pre></td></tr></table></figure>
<h3 id="2-3-编译安装"><a href="#2-3-编译安装" class="headerlink" title="2.3 编译安装"></a>2.3 编译安装</h3><blockquote>
<p>然后进入目录编译安装，<a href="#configure参数说明">configure参数说明</a></p>
</blockquote>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">cd</span> nginx-1.11.5</span><br><span class="line">./configure</span><br><span class="line"></span><br><span class="line"></span><br><span class="line">....</span><br><span class="line">Configuration summary</span><br><span class="line">  + using system PCRE library</span><br><span class="line">  + OpenSSL library is not used</span><br><span class="line">  + using system zlib library</span><br><span class="line"></span><br><span class="line">  nginx path prefix: <span class="string">"/usr/local/nginx"</span></span><br><span class="line">  nginx binary file: <span class="string">"/usr/local/nginx/sbin/nginx"</span></span><br><span class="line">  nginx modules path: <span class="string">"/usr/local/nginx/modules"</span></span><br><span class="line">  nginx configuration prefix: <span class="string">"/usr/local/nginx/conf"</span></span><br><span class="line">  nginx configuration file: <span class="string">"/usr/local/nginx/conf/nginx.conf"</span></span><br><span class="line">  nginx pid file: <span class="string">"/usr/local/nginx/logs/nginx.pid"</span></span><br><span class="line">  nginx error <span class="built_in">log</span> file: <span class="string">"/usr/local/nginx/logs/error.log"</span></span><br><span class="line">  nginx http access <span class="built_in">log</span> file: <span class="string">"/usr/local/nginx/logs/access.log"</span></span><br><span class="line">  nginx http client request body temporary files: <span class="string">"client_body_temp"</span></span><br><span class="line">  nginx http proxy temporary files: <span class="string">"proxy_temp"</span></span><br><span class="line">  nginx http fastcgi temporary files: <span class="string">"fastcgi_temp"</span></span><br><span class="line">  nginx http uwsgi temporary files: <span class="string">"uwsgi_temp"</span></span><br><span class="line">  nginx http scgi temporary files: <span class="string">"scgi_temp"</span></span><br></pre></td></tr></table></figure>
<blockquote>
<p>安装报错误的话比如：<code>“C compiler cc is not found”</code>，这个就是缺少编译环境，安装一下就可以了 <strong><code>yum -y install gcc make gcc-c++ openssl-devel</code></strong></p>
</blockquote>
<p>如果没有<code>error</code>信息，就可以执行下边的安装了：</p>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line">make</span><br><span class="line">make install</span><br></pre></td></tr></table></figure>
<h3 id="2-4-nginx测试"><a href="#2-4-nginx测试" class="headerlink" title="2.4 nginx测试"></a>2.4 nginx测试</h3><blockquote>
<p>运行下面命令会出现两个结果，一般情况<code>nginx</code>会安装在<code>/usr/local/nginx</code>目录中</p>
</blockquote>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">cd</span> /usr/<span class="built_in">local</span>/nginx/sbin/</span><br><span class="line">./nginx -t</span><br><span class="line"></span><br><span class="line"><span class="comment"># nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok</span></span><br><span class="line"><span class="comment"># nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful</span></span><br></pre></td></tr></table></figure>
<h3 id="2-5-设置全局nginx命令"><a href="#2-5-设置全局nginx命令" class="headerlink" title="2.5 设置全局nginx命令"></a>2.5 设置全局nginx命令</h3><figure class="highlight bash"><table><tr><td class="code"><pre><span class="line">vi ~/.bash_profile</span><br></pre></td></tr></table></figure>
<blockquote>
<p>将下面内容添加到 <code>~/.bash_profile</code> 文件中</p>
</blockquote>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line">PATH=<span class="variable">$PATH</span>:<span class="variable">$HOME</span>/bin:/usr/<span class="built_in">local</span>/nginx/sbin/</span><br><span class="line"><span class="built_in">export</span> PATH</span><br></pre></td></tr></table></figure>
<blockquote>
<p>运行命令 <strong><code>source ~/.bash_profile</code></strong> 让配置立即生效。你就可以全局运行 <code>nginx</code> 命令了。</p>
</blockquote>
<h2 id="三、开机自启动"><a href="#三、开机自启动" class="headerlink" title="三、开机自启动"></a>三、开机自启动</h2><p><strong>开机自启动方法一：</strong></p>
<blockquote>
<p>编辑 <strong><code>vi /lib/systemd/system/nginx.service</code></strong> 文件，没有创建一个 <strong><code>touch nginx.service</code></strong> 然后将如下内容根据具体情况进行修改后，添加到<code>nginx.service</code>文件中：</p>
</blockquote>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line">[Unit]</span><br><span class="line">Description=nginx</span><br><span class="line">After=network.target remote-fs.target nss-lookup.target</span><br><span class="line"></span><br><span class="line">[Service]</span><br><span class="line"></span><br><span class="line">Type=forking</span><br><span class="line">PIDFile=/var/run/nginx.pid</span><br><span class="line">ExecStartPre=/usr/<span class="built_in">local</span>/nginx/sbin/nginx -t -c /usr/<span class="built_in">local</span>/nginx/conf/nginx.conf</span><br><span class="line">ExecStart=/usr/<span class="built_in">local</span>/nginx/sbin/nginx -c /usr/<span class="built_in">local</span>/nginx/conf/nginx.conf</span><br><span class="line">ExecReload=/bin/<span class="built_in">kill</span> -s HUP <span class="variable">$MAINPID</span></span><br><span class="line">ExecStop=/bin/<span class="built_in">kill</span> -s QUIT <span class="variable">$MAINPID</span></span><br><span class="line">PrivateTmp=<span class="literal">true</span></span><br><span class="line"></span><br><span class="line">[Install]</span><br><span class="line">WantedBy=multi-user.target</span><br></pre></td></tr></table></figure>
<ul>
<li><code>[Unit]</code>:服务的说明  </li>
<li><code>Description</code>:描述服务  </li>
<li><code>After</code>:描述服务类别  </li>
<li><code>[Service]</code>服务运行参数的设置  </li>
<li><code>Type=forking</code>是后台运行的形式  </li>
<li><code>ExecStart</code>为服务的具体运行命令  </li>
<li><code>ExecReload</code>为重启命令  </li>
<li><code>ExecStop</code>为停止命令  </li>
<li><code>PrivateTmp=True</code>表示给服务分配独立的临时空间  </li>
</ul>
<blockquote>
<p><strong>注意</strong>：<code>[Service]</code>的启动、重启、停止命令全部要求使用绝对路径<br><code>[Install]</code>运行级别下服务安装的相关设置，可设置为多用户，即系统运行级别为<code>3</code>  </p>
</blockquote>
<ul>
<li>保存退出。</li>
<li>设置开机启动，使配置生效：</li>
</ul>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line">systemctl <span class="built_in">enable</span> nginx.service</span><br><span class="line"><span class="comment"># 输出下面内容表示成功了</span></span><br><span class="line">Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.</span><br></pre></td></tr></table></figure>
<p><strong>开机自启动方法二：</strong></p>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line">vi /etc/rc.local</span><br><span class="line"></span><br><span class="line"><span class="comment"># 在 rc.local 文件中，添加下面这条命令</span></span><br><span class="line">/usr/<span class="built_in">local</span>/nginx/sbin/nginx start</span><br></pre></td></tr></table></figure>
<blockquote>
<p>如果开机后发现自启动脚本没有执行，你要去确认一下<code>rc.local</code>这个文件的访问权限是否是可执行的，因为<code>rc.local</code>默认是不可执行的。修改<code>rc.local</code>访问权限，增加可执行权限：</p>
</blockquote>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line">chmod +x /etc/rc.d/rc.local</span><br></pre></td></tr></table></figure>
<h2 id="四、运维"><a href="#四、运维" class="headerlink" title="四、运维"></a>四、运维</h2><h3 id="4-1-服务管理"><a href="#4-1-服务管理" class="headerlink" title="4.1 服务管理"></a>4.1 服务管理</h3><figure class="highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 启动</span></span><br><span class="line">/usr/<span class="built_in">local</span>/nginx/sbin/nginx</span><br><span class="line"></span><br><span class="line"><span class="comment"># 重启</span></span><br><span class="line">/usr/<span class="built_in">local</span>/nginx/sbin/nginx -s reload</span><br><span class="line"></span><br><span class="line"><span class="comment"># 关闭进程</span></span><br><span class="line">/usr/<span class="built_in">local</span>/nginx/sbin/nginx -s stop</span><br><span class="line"></span><br><span class="line"><span class="comment"># 平滑关闭nginx</span></span><br><span class="line">/usr/<span class="built_in">local</span>/nginx/sbin/nginx -s quit</span><br><span class="line"></span><br><span class="line"><span class="comment"># 查看nginx的安装状态，</span></span><br><span class="line">/usr/<span class="built_in">local</span>/nginx/sbin/nginx -V</span><br></pre></td></tr></table></figure>
<p><strong>关闭防火墙，或者添加防火墙规则就可以测试了</strong></p>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line">service iptables stop</span><br></pre></td></tr></table></figure>
<p>或者编辑配置文件：</p>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line">vi /etc/sysconfig/iptables</span><br></pre></td></tr></table></figure>
<blockquote>
<p>添加这样一条开放<code>80</code>端口的规则后保存：</p>
</blockquote>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line">-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT</span><br></pre></td></tr></table></figure>
<p>重启服务即可:</p>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line">service iptables restart</span><br><span class="line"><span class="comment"># 命令进行查看目前nat</span></span><br><span class="line">iptables -t nat -L</span><br></pre></td></tr></table></figure>
<h3 id="4-2-重启服务防火墙报错解决"><a href="#4-2-重启服务防火墙报错解决" class="headerlink" title="4.2 重启服务防火墙报错解决"></a>4.2 重启服务防火墙报错解决</h3><figure class="highlight bash"><table><tr><td class="code"><pre><span class="line">service iptables restart</span><br><span class="line"><span class="comment"># Redirecting to /bin/systemctl restart  iptables.service</span></span><br><span class="line"><span class="comment"># Failed to restart iptables.service: Unit iptables.service failed to load: No such file or directory.</span></span><br></pre></td></tr></table></figure>
<blockquote>
<p>在<code>CentOS 7</code>或<code>RHEL 7</code>或<code>Fedora</code>中防火墙由 <strong><code>firewalld</code></strong> 来管理，当然你可以还原传统的管理方式。或则使用新的命令进行管理。<br>假如采用传统请执行一下命令：</p>
</blockquote>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 传统命令</span></span><br><span class="line">systemctl stop firewalld</span><br><span class="line">systemctl mask firewalld</span><br></pre></td></tr></table></figure>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 安装命令</span></span><br><span class="line">yum install iptables-services</span><br><span class="line"></span><br><span class="line">systemctl <span class="built_in">enable</span> iptables </span><br><span class="line">service iptables restart</span><br></pre></td></tr></table></figure>
<h2 id="五、nginx卸载"><a href="#五、nginx卸载" class="headerlink" title="五、nginx卸载"></a>五、nginx卸载</h2><blockquote>
<p>如果通过<code>yum</code>安装，使用下面命令安装。</p>
</blockquote>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line">yum remove nginx</span><br></pre></td></tr></table></figure>
<ul>
<li>编译安装，删除<code>/usr/local/nginx</code>目录即可</li>
<li>如果配置了自启动脚本，也需要删除。</li>
</ul>
<h2 id="六、参数说明"><a href="#六、参数说明" class="headerlink" title="六、参数说明"></a>六、参数说明</h2><table>
<thead>
<tr>
<th>参数</th>
<th>说明</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--prefix=&lt;path&gt;</code></td>
<td>Nginx安装路径。如果没有指定，默认为 <code>/usr/local/nginx</code>。</td>
</tr>
<tr>
<td><code>--sbin-path=&lt;path&gt;</code></td>
<td><code>Nginx</code>可执行文件安装路径。只能安装时指定，如果没有指定，默认为<code>&lt;prefix&gt;/sbin/nginx</code>。</td>
</tr>
<tr>
<td><code>--conf-path=&lt;path&gt;</code></td>
<td>在没有给定<code>-c</code>选项下默认的<code>nginx.conf</code>的路径。如果没有指定，默认为<code>&lt;prefix&gt;</code>/conf/nginx.conf`。</td>
</tr>
<tr>
<td><code>--pid-path=&lt;path&gt;</code></td>
<td>在<code>nginx.conf</code>中没有指定pid指令的情况下，默认的<code>nginx.pid</code>的路径。如果没有指定，默认为 <code>&lt;prefix&gt;/logs/nginx.pid</code>。</td>
</tr>
<tr>
<td><code>--lock-path=&lt;path&gt;</code></td>
<td><code>nginx.lock</code>文件的路径。</td>
</tr>
<tr>
<td><code>--error-log-path=&lt;path&gt;</code></td>
<td>在<code>nginx.conf</code>中没有指定<code>error_log</code>指令的情况下，默认的错误日志的路径。如果没有指定，默认为 <code>&lt;prefix&gt;/- logs/error.log</code>。</td>
</tr>
<tr>
<td><code>--http-log-path=&lt;path&gt;</code></td>
<td>在<code>nginx.conf</code>中没有指定<code>access_log</code>指令的情况下，默认的访问日志的路径。如果没有指定，默认为 <code>&lt;prefix&gt;/- logs/access.log</code>。</td>
</tr>
<tr>
<td><code>--user=&lt;user&gt;</code></td>
<td>在<code>nginx.conf</code>中没有指定<code>user</code>指令的情况下，默认的<code>nginx</code>使用的用户。如果没有指定，默认为 <code>nobody</code>。</td>
</tr>
<tr>
<td><code>--group=&lt;group&gt;</code></td>
<td>在<code>nginx.conf</code>中没有指定<code>user</code>指令的情况下，默认的<code>nginx</code>使用的组。如果没有指定，默认为 <code>nobody</code>。</td>
</tr>
<tr>
<td><code>--builddir=DIR</code></td>
<td>指定编译的目录</td>
</tr>
<tr>
<td><code>--with-rtsig_module</code></td>
<td>启用 <code>rtsig</code> 模块</td>
</tr>
<tr>
<td><code>--with-select_module --without-select_module</code></td>
<td>允许或不允许开启<code>SELECT</code>模式，如果<code>configure</code> 没有找到更合适的模式，比如：<code>kqueue(sun os)</code>,<code>epoll (linux kenel 2.6+)</code>,<code>rtsig(- 实时信号)</code>或者<code>/dev/poll</code>(一种类似select的模式，底层实现与SELECT基本相 同，都是采用轮训方法) SELECT模式将是默认安装模式</td>
</tr>
<tr>
<td><code>--with-poll_module --without-poll_module</code></td>
<td>Whether or not to enable the poll module. This module is enabled by, default if a more suitable method such as kqueue, epoll, rtsig or /dev/poll is not discovered by configure.</td>
</tr>
<tr>
<td><code>--with-http_ssl_module</code></td>
<td>Enable ngx_http_ssl_module. Enables SSL support and the ability to handle HTTPS requests. Requires OpenSSL. On Debian, this is libssl-dev. 开启HTTP SSL模块，使NGINX可以支持HTTPS请求。这个模块需要已经安装了OPENSSL，在DEBIAN上是libssl</td>
</tr>
<tr>
<td><code>--with-http_realip_module</code></td>
<td>启用 <code>ngx_http_realip_module</code></td>
</tr>
<tr>
<td><code>--with-http_addition_module</code></td>
<td>启用 <code>ngx_http_addition_module</code></td>
</tr>
<tr>
<td><code>--with-http_sub_module</code></td>
<td>启用 <code>ngx_http_sub_module</code></td>
</tr>
<tr>
<td><code>--with-http_dav_module</code></td>
<td>启用 <code>ngx_http_dav_module</code></td>
</tr>
<tr>
<td><code>--with-http_flv_module</code></td>
<td>启用 <code>ngx_http_flv_module</code></td>
</tr>
<tr>
<td><code>--with-http_stub_status_module</code></td>
<td>启用 <code>&quot;server status&quot;</code>页</td>
</tr>
<tr>
<td><code>--without-http_charset_module</code></td>
<td>禁用 <code>ngx_http_charset_module</code></td>
</tr>
<tr>
<td><code>--without-http_gzip_module</code></td>
<td>禁用 <code>ngx_http_gzip_module</code>. 如果启用，需要 zlib 。</td>
</tr>
<tr>
<td><code>--without-http_ssi_module</code></td>
<td>禁用 <code>ngx_http_ssi_module</code></td>
</tr>
<tr>
<td><code>--without-http_userid_module</code></td>
<td>禁用 <code>ngx_http_userid_module</code></td>
</tr>
<tr>
<td><code>--without-http_access_module</code></td>
<td>禁用 <code>ngx_http_access_module</code></td>
</tr>
<tr>
<td><code>--without-http_auth_basic_module</code></td>
<td>禁用 <code>ngx_http_auth_basic_module</code></td>
</tr>
<tr>
<td><code>--without-http_autoindex_module</code></td>
<td>禁用 <code>ngx_http_autoindex_module</code></td>
</tr>
<tr>
<td><code>--without-http_geo_module</code></td>
<td>禁用 <code>ngx_http_geo_module</code></td>
</tr>
<tr>
<td><code>--without-http_map_module</code></td>
<td>禁用 <code>ngx_http_map_module</code></td>
</tr>
<tr>
<td><code>--without-http_referer_module</code></td>
<td>禁用 <code>ngx_http_referer_module</code></td>
</tr>
<tr>
<td><code>--without-http_rewrite_module</code></td>
<td>禁用 <code>ngx_http_rewrite_module.</code> 如果启用需要<code>PCRE</code> 。</td>
</tr>
<tr>
<td><code>--without-http_proxy_module</code></td>
<td>禁用 ngx_http_proxy_module</td>
</tr>
<tr>
<td><code>--without-http_fastcgi_module</code></td>
<td>禁用 ngx_http_fastcgi_module</td>
</tr>
<tr>
<td><code>--without-http_memcached_module</code></td>
<td>禁用 ngx_http_memcached_module</td>
</tr>
<tr>
<td><code>--without-http_limit_zone_module</code></td>
<td>禁用 ngx_http_limit_zone_module</td>
</tr>
<tr>
<td><code>--without-http_empty_gif_module</code></td>
<td>禁用 ngx_http_empty_gif_module</td>
</tr>
<tr>
<td><code>--without-http_browser_module</code></td>
<td>禁用 ngx_http_browser_module</td>
</tr>
<tr>
<td><code>--without-http_upstream_ip_hash_module</code></td>
<td>禁用 ngx_http_upstream_ip_hash_module`</td>
</tr>
<tr>
<td><code>--with-http_perl_module</code></td>
<td>启用 ngx_http_perl_module</td>
</tr>
<tr>
<td><code>--with-perl_modules_path=PATH</code></td>
<td>指定 perl 模块的路径</td>
</tr>
<tr>
<td><code>--with-perl=PATH</code></td>
<td>指定 perl 执行文件的路径</td>
</tr>
<tr>
<td><code>--http-log-path=PATH</code></td>
<td>Set path to the http access log</td>
</tr>
<tr>
<td><code>--http-client-body-temp-path=PATH</code></td>
<td>Set path to the http client request body temporary files</td>
</tr>
<tr>
<td><code>--http-proxy-temp-path=PATH</code></td>
<td>Set path to the http proxy temporary files</td>
</tr>
<tr>
<td><code>--http-fastcgi-temp-path=PATH</code></td>
<td>Set path to the http fastcgi temporary files</td>
</tr>
<tr>
<td><code>--without-http</code></td>
<td>禁用 HTTP server</td>
</tr>
<tr>
<td><code>--with-mail</code></td>
<td>启用 IMAP4/POP3/SMTP 代理模块</td>
</tr>
<tr>
<td><code>--with-mail_ssl_module</code></td>
<td>启用 ngx_mail_ssl_module</td>
</tr>
<tr>
<td><code>--with-cc=PATH</code></td>
<td>指定 C 编译器的路径</td>
</tr>
<tr>
<td><code>--with-cpp=PATH</code></td>
<td>指定 C 预处理器的路径</td>
</tr>
<tr>
<td><code>--with-cc-opt=OPTIONS</code></td>
<td>Additional parameters which will be added to the variable CFLAGS. With the use of the system library PCRE in FreeBSD, it is necessary to indicate –with-cc-opt=”-I /usr/local/include”. If we are using select() and it is necessary to increase the number of file descriptors, then this also can be assigned here: –with-cc-opt=”-D FD_SETSIZE=2048”.</td>
</tr>
<tr>
<td><code>--with-ld-opt=OPTIONS</code></td>
<td>Additional parameters passed to the linker. With the use of the system library PCRE in - FreeBSD, it is necessary to indicate –with-ld-opt=”-L /usr/local/lib”.</td>
</tr>
<tr>
<td><code>--with-cpu-opt=CPU</code></td>
<td>为特定的 CPU 编译，有效的值包括：pentium, pentiumpro, pentium3, pentium4, athlon, opteron, amd64, sparc32, sparc64, ppc64</td>
</tr>
<tr>
<td><code>--without-pcre</code></td>
<td>禁止 PCRE 库的使用。同时也会禁止 HTTP rewrite 模块。在 “location” 配置指令中的正则表达式也需要 PCRE 。</td>
</tr>
<tr>
<td><code>--with-pcre=DIR</code></td>
<td>指定 PCRE 库的源代码的路径。</td>
</tr>
<tr>
<td><code>--with-pcre-opt=OPTIONS</code></td>
<td>Set additional options for PCRE building.</td>
</tr>
<tr>
<td><code>--with-md5=DIR</code></td>
<td>Set path to md5 library sources.</td>
</tr>
<tr>
<td><code>--with-md5-opt=OPTIONS</code></td>
<td>Set additional options for md5 building.</td>
</tr>
<tr>
<td><code>--with-md5-asm</code></td>
<td>Use md5 assembler sources.</td>
</tr>
<tr>
<td><code>--with-sha1=DIR</code></td>
<td>Set path to sha1 library sources.</td>
</tr>
<tr>
<td><code>--with-sha1-opt=OPTIONS</code></td>
<td>Set additional options for sha1 building.</td>
</tr>
<tr>
<td><code>--with-sha1-asm</code></td>
<td>Use sha1 assembler sources.</td>
</tr>
<tr>
<td><code>--with-zlib=DIR</code></td>
<td>Set path to zlib library sources.</td>
</tr>
<tr>
<td><code>--with-zlib-opt=OPTIONS</code></td>
<td>Set additional options for zlib building.</td>
</tr>
<tr>
<td><code>--with-zlib-asm=CPU</code></td>
<td>Use zlib assembler sources optimized for specified CPU, valid values are: pentium, pentiumpro</td>
</tr>
<tr>
<td><code>--with-openssl=DIR</code></td>
<td>Set path to OpenSSL library sources</td>
</tr>
<tr>
<td><code>--with-openssl-opt=OPTIONS</code></td>
<td>Set additional options for OpenSSL building</td>
</tr>
<tr>
<td><code>--with-debug</code></td>
<td>启用调试日志</td>
</tr>
<tr>
<td><code>--add-module=PATH</code></td>
<td>Add in a third-party module found in directory PATH</td>
</tr>
</tbody>
</table>
<h2 id="七、配置"><a href="#七、配置" class="headerlink" title="七、配置"></a>七、配置</h2><blockquote>
<p>在<code>Centos</code> 默认配置文件在 <strong><code>/usr/local/nginx-1.5.1/conf/nginx.conf</code></strong> 我们要在这里配置一些文件。<code>nginx.conf</code>是主配置文件，由若干个部分组成，每个大括号<code>{}</code>表示一个部分。每一行指令都由分号结束<code>;</code>，标志着一行的结束。</p>
</blockquote>
<h3 id="7-1-常用正则"><a href="#7-1-常用正则" class="headerlink" title="7.1 常用正则"></a>7.1 常用正则</h3><table>
<thead>
<tr>
<th>正则</th>
<th>说明</th>
<th>正则</th>
<th>说明</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>.</code></td>
<td>匹配除换行符以外的任意字符</td>
<td><code>$</code></td>
<td>匹配字符串的结束</td>
</tr>
<tr>
<td><code>?</code></td>
<td>重复<code>0</code>次或<code>1</code>次</td>
<td><code>{n}</code></td>
<td>重复<code>n</code>次</td>
</tr>
<tr>
<td><code>+</code></td>
<td>重复<code>1</code>次或更多次</td>
<td><code>{n,}</code></td>
<td>重复<code>n</code>次或更多次</td>
</tr>
<tr>
<td><code>*</code></td>
<td>重复<code>0</code>次或更多次</td>
<td><code>[c]</code></td>
<td>匹配单个字符<code>c</code></td>
</tr>
<tr>
<td><code>\d</code></td>
<td>匹配数字</td>
<td><code>[a-z]</code></td>
<td>匹配<code>a-z</code>小写字母的任意一个</td>
</tr>
<tr>
<td><code>^</code></td>
<td>匹配字符串的开始</td>
<td>-</td>
<td>-</td>
</tr>
</tbody>
</table>
<h3 id="7-2-全局变量"><a href="#7-2-全局变量" class="headerlink" title="7.2 全局变量"></a>7.2 全局变量</h3><table>
<thead>
<tr>
<th>变量</th>
<th>说明</th>
<th>变量</th>
<th>说明</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>$args</code></td>
<td>这个变量等于请求行中的参数，同<code>$query_string</code></td>
<td><code>$remote_port</code></td>
<td>客户端的端口。</td>
</tr>
<tr>
<td><code>$content_length</code></td>
<td>请求头中的<code>Content-length</code>字段。</td>
<td><code>$remote_user</code></td>
<td>已经经过<code>Auth Basic Module</code>验证的用户名。</td>
</tr>
<tr>
<td><code>$content_type</code></td>
<td>请求头中的<code>Content-Type</code>字段。</td>
<td><code>$request_filename</code></td>
<td>当前请求的文件路径，由<code>root</code>或<code>alias</code>指令与<code>URI</code>请求生成。</td>
</tr>
<tr>
<td><code>$document_root</code></td>
<td>当前请求在<code>root</code>指令中指定的值。</td>
<td><code>$scheme</code></td>
<td><code>HTTP</code>方法（如<code>http</code>，<code>https</code>）。</td>
</tr>
<tr>
<td><code>$host</code></td>
<td>请求主机头字段，否则为服务器名称。</td>
<td><code>$server_protocol</code></td>
<td>请求使用的协议，通常是<code>HTTP/1.0</code>或<code>HTTP/1.1</code>。</td>
</tr>
<tr>
<td><code>$http_user_agent</code></td>
<td>客户端<code>agent</code>信息</td>
<td><code>$server_addr</code></td>
<td>服务器地址，在完成一次系统调用后可以确定这个值。</td>
</tr>
<tr>
<td><code>$http_cookie</code></td>
<td>客户端<code>cookie</code>信息</td>
<td><code>$server_name</code></td>
<td>服务器名称。</td>
</tr>
<tr>
<td><code>$limit_rate</code></td>
<td>这个变量可以限制连接速率。</td>
<td><code>$server_port</code></td>
<td>请求到达服务器的端口号。</td>
</tr>
<tr>
<td><code>$request_method</code></td>
<td>客户端请求的动作，通常为<code>GET</code>或<code>POST</code>。</td>
<td><code>$request_uri</code></td>
<td>包含请求参数的原始<code>URI</code>，不包含主机名，如：<code>/foo/bar.php?arg=baz</code>。</td>
</tr>
<tr>
<td><code>$remote_addr</code></td>
<td>客户端的<code>IP</code>地址。</td>
<td><code>$uri</code></td>
<td>不带请求参数的当前<code>URI</code>，<code>$uri</code>不包含主机名，如<code>/foo/bar.html</code>。</td>
</tr>
<tr>
<td><code>$document_uri</code></td>
<td>与$uri`相同。</td>
<td>-</td>
<td>-</td>
</tr>
</tbody>
</table>
<blockquote>
<p>例如请求：<code>http://localhost:3000/test1/test2/test.php</code></p>
</blockquote>
<figure class="highlight plain"><table><tr><td class="code"><pre><span class="line">$host：localhost  </span><br><span class="line">$server_port：3000  </span><br><span class="line">$request_uri：/test1/test2/test.php  </span><br><span class="line">$document_uri：/test1/test2/test.php  </span><br><span class="line">$document_root：/var/www/html  </span><br><span class="line">$request_filename：/var/www/html/test1/test2/test.php</span><br></pre></td></tr></table></figure>
<h3 id="7-3-符号参考"><a href="#7-3-符号参考" class="headerlink" title="7.3 符号参考"></a>7.3 符号参考</h3><table>
<thead>
<tr>
<th>符号</th>
<th>说明</th>
<th>符号</th>
<th>说明</th>
<th>符号</th>
<th>说明</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>k</code>,<code>K</code></td>
<td>千字节</td>
<td><code>m</code>,<code>M</code></td>
<td>兆字节</td>
<td><code>ms</code></td>
<td>毫秒</td>
</tr>
<tr>
<td><code>s</code></td>
<td>秒</td>
<td><code>m</code></td>
<td>分钟</td>
<td><code>h</code></td>
<td>小时</td>
</tr>
<tr>
<td><code>d</code></td>
<td>日</td>
<td><code>w</code></td>
<td>周</td>
<td><code>M</code></td>
<td>一个月, <code>30</code>天</td>
</tr>
</tbody>
</table>
<p>例如，”8k”，”1m” 代表字节数计量。<br>例如，”1h 30m”，”1y 6M”。代表 “1小时 30分”，”1年零6个月”。 </p>
<h3 id="7-4-配置文件"><a href="#7-4-配置文件" class="headerlink" title="7.4 配置文件"></a>7.4 配置文件</h3><blockquote>
<p><code>nginx</code> 的配置系统由一个主配置文件和其他一些辅助的配置文件构成。这些配置文件均是纯文本文件，全部位于 <code>nginx</code> 安装目录下的 <code>conf</code> 目录下。</p>
</blockquote>
<ul>
<li>指令由 <code>nginx</code> 的各个模块提供，不同的模块会提供不同的指令来实现配置。<br>指令除了<code>Key-Value</code> 的形式，还有作用域指令。</li>
<li><code>nginx.conf</code> 中的配置信息，根据其逻辑上的意义，对它们进行了分类，也就是分成了多个作用域，或者称之为配置指令上下文。不同的作用域含有一个或者多个配置项。</li>
</ul>
<p><strong>下面的这些上下文指令是用的比较多</strong></p>
<table>
<thead>
<tr>
<th>Directive</th>
<th>Description</th>
<th>Contains Directive</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>main</code></td>
<td><code>nginx</code> 在运行时与具体业务功能（比如 <code>http</code> 服务或者 <code>email</code> 服务代理）无关的一些参数，比如工作进程数，运行的身份等。</td>
<td><code>user</code>, <code>worker_processes</code>, <code>error_log</code>, <code>events</code>, <code>http</code>, <code>mail</code></td>
</tr>
<tr>
<td><code>http</code></td>
<td>与提供 <code>http</code> 服务相关的一些配置参数。例如：是否使用 <code>keepalive</code> 啊，是否使用 <code>gzip</code> 进行压缩等。</td>
<td><code>server</code></td>
</tr>
<tr>
<td><code>server</code></td>
<td><code>http</code> 服务上支持若干虚拟主机。每个虚拟主机一个对应的 <code>server</code> 配置项，配置项里面包含该虚拟主机相关的配置。在提供 <code>mail</code> 服务的代理时，也可以建立若干 <code>server</code>. 每个 <code>server</code> 通过监听的地址来区分。</td>
<td><code>listen</code>, <code>server_name</code>, <code>access_log</code>, <code>location</code>, <code>protocol</code>, <code>proxy</code>, <code>smtp_auth</code>, <code>xclient</code></td>
</tr>
<tr>
<td><code>location</code></td>
<td><code>http</code> 服务中，某些特定的 <code>URL</code>对应的一系列配置项。</td>
<td><code>index</code>, <code>root</code></td>
</tr>
<tr>
<td><code>mail</code></td>
<td>实现 <code>email</code> 相关的 <code>SMTP/IMAP/POP3</code> 代理时，共享的一些配置项（因为可能实现多个代理，工作在多个监听地址上）。</td>
<td><code>server</code>, <code>http</code>,<code>imap_capabilities</code></td>
</tr>
<tr>
<td><code>include</code></td>
<td>以便增强配置文件的可读性，使得部分配置文件可以重新使用。</td>
<td>-</td>
</tr>
<tr>
<td><code>valid_referers</code></td>
<td>用来校验<code>Http</code>请求头<code>Referer</code>是否有效。</td>
<td>-</td>
</tr>
<tr>
<td><code>try_files</code></td>
<td>用在<code>server</code>部分，不过最常见的还是用在<code>location</code>部分，它会按照给定的参数顺序进行尝试，第一个被匹配到的将会被使用。</td>
<td>-</td>
</tr>
<tr>
<td><code>if</code></td>
<td>当在<code>location</code>块中使用<code>if</code>指令，在某些情况下它并不按照预期运行，一般来说避免使用if指令。</td>
<td>-</td>
</tr>
</tbody>
</table>
<blockquote>
<p>例如我们再 <strong><code>nginx.conf</code></strong> 里面引用两个配置 <code>vhost/example.com.conf</code> 和 <code>vhost/gitlab.com.conf</code> 它们都被放在一个我自己新建的目录 <code>vhost</code> 下面。<code>nginx.conf</code> 配置如下：</p>
</blockquote>
<figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="attribute">worker_processes</span>  <span class="number">1</span>;</span><br><span class="line"><span class="section">events</span> &#123;</span><br><span class="line">    <span class="attribute">worker_connections</span>  <span class="number">1024</span>;</span><br><span class="line">&#125;</span><br><span class="line"></span><br><span class="line"><span class="section">http</span> &#123;</span><br><span class="line">    <span class="attribute">include</span>       mime.types;</span><br><span class="line">    <span class="attribute">default_type</span>  application/octet-stream;</span><br><span class="line"></span><br><span class="line">    <span class="comment">#log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '</span></span><br><span class="line">    <span class="comment">#                  '$status $body_bytes_sent "$http_referer" '</span></span><br><span class="line">    <span class="comment">#                  '"$http_user_agent" "$http_x_forwarded_for"';</span></span><br><span class="line"></span><br><span class="line">    <span class="comment">#access_log  logs/access.log  main;</span></span><br><span class="line"></span><br><span class="line">    <span class="attribute">sendfile</span>        <span class="literal">on</span>;</span><br><span class="line">    <span class="comment">#tcp_nopush     on;</span></span><br><span class="line"></span><br><span class="line">    <span class="comment">#keepalive_timeout  0;</span></span><br><span class="line">    <span class="attribute">keepalive_timeout</span>  <span class="number">65</span>;</span><br><span class="line"></span><br><span class="line">    <span class="comment">#gzip  on;</span></span><br><span class="line">    <span class="section">server</span> &#123;</span><br><span class="line">        <span class="attribute">listen</span>       <span class="number">80</span>;</span><br><span class="line">        <span class="attribute">server_name</span>  localhost;</span><br><span class="line">        <span class="attribute">location</span> / &#123;</span><br><span class="line">            <span class="attribute">root</span>   html;</span><br><span class="line">            <span class="attribute">index</span>  index.html index.htm;</span><br><span class="line">        &#125;</span><br><span class="line">        <span class="attribute">error_page</span>   <span class="number">500</span> <span class="number">502</span> <span class="number">503</span> <span class="number">504</span>  /50x.html;</span><br><span class="line">        <span class="attribute">location</span> = /50x.html &#123;</span><br><span class="line">            <span class="attribute">root</span>   html;</span><br><span class="line">        &#125;</span><br><span class="line">    &#125;</span><br><span class="line">    <span class="attribute">include</span>  vhost/example.com.conf;</span><br><span class="line">    <span class="attribute">include</span>  vhost/gitlab.com.conf;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<blockquote>
<p>简单的配置: <code>example.com.conf</code></p>
</blockquote>
<figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="section">server</span> &#123;</span><br><span class="line">    <span class="comment">#侦听的80端口</span></span><br><span class="line">    <span class="attribute">listen</span>       <span class="number">80</span>;</span><br><span class="line">    <span class="attribute">server_name</span>  baidu.com app.baidu.com; <span class="comment"># 这里指定域名</span></span><br><span class="line">    <span class="attribute">index</span>        index.html index.htm;    <span class="comment"># 这里指定默认入口页面</span></span><br><span class="line">    <span class="attribute">root</span> /home/www/app.baidu.com;         <span class="comment"># 这里指定目录</span></span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<h3 id="7-5-内置预定义变量"><a href="#7-5-内置预定义变量" class="headerlink" title="7.5 内置预定义变量"></a>7.5 内置预定义变量</h3><blockquote>
<p><code>Nginx</code>提供了许多预定义的变量，也可以通过使用set来设置变量。你可以在<code>if</code>中使用预定义变量，也可以将它们传递给代理服务器。以下是一些常见的预定义变量，<a href="http://nginx.org/en/docs/varindex.html" target="_blank" rel="noopener">更多详见</a></p>
</blockquote>
<table>
<thead>
<tr>
<th>变量名称</th>
<th>值</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>$args_name</code></td>
<td>在请求中的<code>name</code>参数</td>
</tr>
<tr>
<td><code>$args</code></td>
<td>所有请求参数</td>
</tr>
<tr>
<td><code>$query_string</code></td>
<td><code>$args</code>的别名</td>
</tr>
<tr>
<td><code>$content_length</code></td>
<td>请求头<code>Content-Length</code>的值</td>
</tr>
<tr>
<td><code>$content_type</code></td>
<td>请求头<code>Content-Type</code>的值</td>
</tr>
<tr>
<td><code>$host</code></td>
<td>如果当前有<code>Host</code>，则为请求头<code>Host</code>的值；如果没有这个头，那么该值等于匹配该请求的<code>server_name</code>的值</td>
</tr>
<tr>
<td><code>$remote_addr</code></td>
<td>客户端的IP地址</td>
</tr>
<tr>
<td><code>$request</code></td>
<td>完整的请求，从客户端收到，包括<code>Http</code>请求方法、<code>URI</code>、<code>Http</code>协议、头、请求体</td>
</tr>
<tr>
<td><code>$request_uri</code></td>
<td>完整请求的<code>URI</code>，从客户端来的请求，包括参数</td>
</tr>
<tr>
<td><code>$scheme</code></td>
<td>当前请求的协议</td>
</tr>
<tr>
<td><code>$uri</code></td>
<td>当前请求的标准化<code>URI</code></td>
</tr>
</tbody>
</table>
<h3 id="7-6-反向代理"><a href="#7-6-反向代理" class="headerlink" title="7.6 反向代理"></a>7.6 反向代理</h3><blockquote>
<p>反向代理是一个<code>Web</code>服务器，它接受客户端的连接请求，然后将请求转发给上游服务器，并将从服务器得到的结果返回给连接的客户端。下面简单的反向代理的例子：</p>
</blockquote>
<figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="section">server</span> &#123;  </span><br><span class="line">  <span class="attribute">listen</span>       <span class="number">80</span>;                                                        </span><br><span class="line">  <span class="attribute">server_name</span>  localhost;                                              </span><br><span class="line">  <span class="attribute">client_max_body_size</span> <span class="number">1024M</span>;  <span class="comment"># 允许客户端请求的最大单文件字节数</span></span><br><span class="line"></span><br><span class="line">  <span class="attribute">location</span> / &#123;</span><br><span class="line">    <span class="attribute">proxy_pass</span>                         http://localhost:8080;</span><br><span class="line">    <span class="attribute">proxy_set_header</span> Host              <span class="variable">$host</span>:<span class="variable">$server_port</span>;</span><br><span class="line">    <span class="attribute">proxy_set_header</span> X-Forwarded-For   <span class="variable">$remote_addr</span>; <span class="comment"># HTTP的请求端真实的IP</span></span><br><span class="line">    <span class="attribute">proxy_set_header</span> X-Forwarded-Proto <span class="variable">$scheme</span>;      <span class="comment"># 为了正确地识别实际用户发出的协议是 http 还是 https</span></span><br><span class="line">  &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<blockquote>
<p>复杂的配置: <code>gitlab.com.conf</code>。</p>
</blockquote>
<figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="section">server</span> &#123;</span><br><span class="line">    <span class="comment">#侦听的80端口</span></span><br><span class="line">    <span class="attribute">listen</span>       <span class="number">80</span>;</span><br><span class="line">    <span class="attribute">server_name</span>  git.example.cn;</span><br><span class="line">    <span class="attribute">location</span> / &#123;</span><br><span class="line">        <span class="attribute">proxy_pass</span>   http://localhost:3000;</span><br><span class="line">        <span class="comment">#以下是一些反向代理的配置可删除</span></span><br><span class="line">        <span class="attribute">proxy_redirect</span>             <span class="literal">off</span>;</span><br><span class="line">        <span class="comment">#后端的Web服务器可以通过X-Forwarded-For获取用户真实IP</span></span><br><span class="line">        <span class="attribute">proxy_set_header</span>           Host <span class="variable">$host</span>;</span><br><span class="line">        <span class="attribute">client_max_body_size</span>       <span class="number">10m</span>; <span class="comment">#允许客户端请求的最大单文件字节数</span></span><br><span class="line">        <span class="attribute">client_body_buffer_size</span>    <span class="number">128k</span>; <span class="comment">#缓冲区代理缓冲用户端请求的最大字节数</span></span><br><span class="line">        <span class="attribute">proxy_connect_timeout</span>      <span class="number">300</span>; <span class="comment">#nginx跟后端服务器连接超时时间(代理连接超时)</span></span><br><span class="line">        <span class="attribute">proxy_send_timeout</span>         <span class="number">300</span>; <span class="comment">#后端服务器数据回传时间(代理发送超时)</span></span><br><span class="line">        <span class="attribute">proxy_read_timeout</span>         <span class="number">300</span>; <span class="comment">#连接成功后，后端服务器响应时间(代理接收超时)</span></span><br><span class="line">        <span class="attribute">proxy_buffer_size</span>          <span class="number">4k</span>; <span class="comment">#设置代理服务器（nginx）保存用户头信息的缓冲区大小</span></span><br><span class="line">        <span class="attribute">proxy_buffers</span>              <span class="number">4</span> <span class="number">32k</span>; <span class="comment">#proxy_buffers缓冲区，网页平均在32k以下的话，这样设置</span></span><br><span class="line">        <span class="attribute">proxy_busy_buffers_size</span>    <span class="number">64k</span>; <span class="comment">#高负荷下缓冲大小（proxy_buffers*2）</span></span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<blockquote>
<p>代理到上游服务器的配置中，最重要的是<code>proxy_pass</code>指令。以下是代理模块中的一些常用指令：</p>
</blockquote>
<table>
<thead>
<tr>
<th>指令</th>
<th>说明</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>proxy_connect_timeout</code></td>
<td><code>Nginx</code>从接受请求至连接到上游服务器的最长等待时间</td>
</tr>
<tr>
<td><code>proxy_send_timeout</code></td>
<td>后端服务器数据回传时间(代理发送超时)</td>
</tr>
<tr>
<td><code>proxy_read_timeout</code></td>
<td>连接成功后，后端服务器响应时间(代理接收超时)</td>
</tr>
<tr>
<td><code>proxy_cookie_domain</code></td>
<td>替代从上游服务器来的<code>Set-Cookie</code>头的<code>domain</code>属性</td>
</tr>
<tr>
<td><code>proxy_cookie_path</code></td>
<td>替代从上游服务器来的<code>Set-Cookie</code>头的<code>path</code>属性</td>
</tr>
<tr>
<td><code>proxy_buffer_size</code></td>
<td>设置代理服务器（<code>nginx</code>）保存用户头信息的缓冲区大小</td>
</tr>
<tr>
<td><code>proxy_buffers</code></td>
<td><code>proxy_buffers</code>缓冲区，网页平均在多少<code>k</code>以下</td>
</tr>
<tr>
<td><code>proxy_set_header</code></td>
<td>重写发送到上游服务器头的内容，也可以通过将某个头部的值设置为空字符串，而不发送某个头部的方法实现</td>
</tr>
<tr>
<td><code>proxy_ignore_headers</code></td>
<td>这个指令禁止处理来自代理服务器的应答。</td>
</tr>
<tr>
<td><code>proxy_intercept_errors</code></td>
<td>使<code>nginx</code>阻止<code>HTTP</code>应答代码为400或者更高的应答。</td>
</tr>
</tbody>
</table>
<h3 id="7-7-负载均衡"><a href="#7-7-负载均衡" class="headerlink" title="7.7 负载均衡"></a>7.7 负载均衡</h3><blockquote>
<p><code>upstream</code>指令启用一个新的配置区段，在该区段定义一组上游服务器。这些服务器可能被设置不同的权重，也可能出于对服务器进行维护，标记为<code>down</code>。</p>
</blockquote>
<figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="attribute">upstream</span> gitlab &#123;</span><br><span class="line">    ip_hash;</span><br><span class="line">    <span class="comment"># upstream的负载均衡，weight是权重，可以根据机器配置定义权重。weigth参数表示权值，权值越高被分配到的几率越大。</span></span><br><span class="line">    <span class="attribute">server</span> <span class="number">192.168.122.11:8081</span> ;</span><br><span class="line">    <span class="attribute">server</span> <span class="number">127.0.0.1:82</span> weight=<span class="number">3</span>;</span><br><span class="line">    <span class="attribute">server</span> <span class="number">127.0.0.1:83</span> weight=<span class="number">3</span> down;</span><br><span class="line">    server 127.0.0.1:84 weight=3; max_fails=3  fail_timeout=20s;</span><br><span class="line">    server 127.0.0.1:85 weight=4;;</span><br><span class="line">    <span class="attribute">keepalive</span> <span class="number">32</span>;</span><br><span class="line">&#125;</span><br><span class="line"><span class="section">server</span> &#123;</span><br><span class="line">    <span class="comment">#侦听的80端口</span></span><br><span class="line">    <span class="attribute">listen</span>       <span class="number">80</span>;</span><br><span class="line">    <span class="attribute">server_name</span>  git.example.cn;</span><br><span class="line">    <span class="attribute">location</span> / &#123;</span><br><span class="line">        <span class="attribute">proxy_pass</span>   http://gitlab;    <span class="comment">#在这里设置一个代理，和upstream的名字一样</span></span><br><span class="line">        <span class="comment">#以下是一些反向代理的配置可删除</span></span><br><span class="line">        <span class="attribute">proxy_redirect</span>             <span class="literal">off</span>;</span><br><span class="line">        <span class="comment">#后端的Web服务器可以通过X-Forwarded-For获取用户真实IP</span></span><br><span class="line">        <span class="attribute">proxy_set_header</span>           Host <span class="variable">$host</span>;</span><br><span class="line">        <span class="attribute">proxy_set_header</span>           X-Real-IP <span class="variable">$remote_addr</span>;</span><br><span class="line">        <span class="attribute">proxy_set_header</span>           X-Forwarded-For <span class="variable">$proxy_add_x_forwarded_for</span>;</span><br><span class="line">        <span class="attribute">client_max_body_size</span>       <span class="number">10m</span>;  <span class="comment">#允许客户端请求的最大单文件字节数</span></span><br><span class="line">        <span class="attribute">client_body_buffer_size</span>    <span class="number">128k</span>; <span class="comment">#缓冲区代理缓冲用户端请求的最大字节数</span></span><br><span class="line">        <span class="attribute">proxy_connect_timeout</span>      <span class="number">300</span>;  <span class="comment">#nginx跟后端服务器连接超时时间(代理连接超时)</span></span><br><span class="line">        <span class="attribute">proxy_send_timeout</span>         <span class="number">300</span>;  <span class="comment">#后端服务器数据回传时间(代理发送超时)</span></span><br><span class="line">        <span class="attribute">proxy_read_timeout</span>         <span class="number">300</span>;  <span class="comment">#连接成功后，后端服务器响应时间(代理接收超时)</span></span><br><span class="line">        <span class="attribute">proxy_buffer_size</span>          <span class="number">4k</span>; <span class="comment">#设置代理服务器（nginx）保存用户头信息的缓冲区大小</span></span><br><span class="line">        <span class="attribute">proxy_buffers</span>              <span class="number">4</span> <span class="number">32k</span>;<span class="comment"># 缓冲区，网页平均在32k以下的话，这样设置</span></span><br><span class="line">        <span class="attribute">proxy_busy_buffers_size</span>    <span class="number">64k</span>; <span class="comment">#高负荷下缓冲大小（proxy_buffers*2）</span></span><br><span class="line">        <span class="attribute">proxy_temp_file_write_size</span> <span class="number">64k</span>; <span class="comment">#设定缓存文件夹大小，大于这个值，将从upstream服务器传</span></span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<blockquote>
<p>每个请求按时间顺序逐一分配到不同的后端服务器，如果后端服务器<code>down</code>掉，能自动剔除。</p>
</blockquote>
<p><strong>负载均衡：</strong></p>
<p><code>upstream</code>模块能够使用3种负载均衡算法：轮询、<code>IP</code>哈希、最少连接数。</p>
<p><strong>轮询：</strong> 默认情况下使用轮询算法，不需要配置指令来激活它，它是基于在队列中谁是下一个的原理确保访问均匀地分布到每个上游服务器；<br><strong>IP哈希：</strong> 通过<code>ip_hash</code>指令来激活，<code>Nginx</code>通过<code>IPv4</code>地址的前<code>3</code>个字节或者整个<code>IPv6</code>地址作为哈希键来实现，同一个IP地址总是能被映射到同一个上游服务器；<br><strong>最少连接数：</strong> 通过<code>least_conn</code>指令来激活，该算法通过选择一个活跃数最少的上游服务器进行连接。如果上游服务器处理能力不同，可以通过给<code>server</code>配置<code>weight</code>权重来说明，该算法将考虑到不同服务器的加权最少连接数。</p>
<h4 id="7-7-1-RR"><a href="#7-7-1-RR" class="headerlink" title="7.7.1 RR"></a>7.7.1 RR</h4><p><strong>简单配置</strong> ，这里我配置了<code>2</code>台服务器，当然实际上是一台，只是端口不一样而已，而<code>8081</code>的服务器是不存在的，也就是说访问不到，但是我们访问 <code>http://localhost</code> 的时候，也不会有问题，会默认跳转到<code>http://localhost:8080</code>具体是因为Nginx会自动判断服务器的状态，如果服务器处于不能访问（服务器挂了），就不会跳转到这台服务器，所以也避免了一台服务器挂了影响使用的情况，由于Nginx默认是RR策略，所以我们不需要其他更多的设置</p>
<figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="attribute">upstream</span> test &#123;</span><br><span class="line">    <span class="attribute">server</span> localhost:<span class="number">8080</span>;</span><br><span class="line">    <span class="attribute">server</span> localhost:<span class="number">8081</span>;</span><br><span class="line">&#125;</span><br><span class="line"><span class="section">server</span> &#123;</span><br><span class="line">    <span class="attribute">listen</span>       <span class="number">81</span>;</span><br><span class="line">    <span class="attribute">server_name</span>  localhost;</span><br><span class="line">    <span class="attribute">client_max_body_size</span> <span class="number">1024M</span>;</span><br><span class="line"> </span><br><span class="line">    <span class="attribute">location</span> / &#123;</span><br><span class="line">        <span class="attribute">proxy_pass</span> http://test;</span><br><span class="line">        <span class="attribute">proxy_set_header</span> Host <span class="variable">$host</span>:<span class="variable">$server_port</span>;</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<p><strong>负载均衡的核心代码为</strong> </p>
<figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="attribute">upstream</span> test &#123;</span><br><span class="line">    <span class="attribute">server</span> localhost:<span class="number">8080</span>;</span><br><span class="line">    <span class="attribute">server</span> localhost:<span class="number">8081</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<h4 id="7-7-2-权重"><a href="#7-7-2-权重" class="headerlink" title="7.7.2 权重"></a>7.7.2 权重</h4><blockquote>
<p>指定轮询几率，<code>weight</code>和访问比率成正比，用于后端服务器性能不均的情况。 例如</p>
</blockquote>
<figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="attribute">upstream</span> test &#123;</span><br><span class="line">    <span class="attribute">server</span> localhost:<span class="number">8080</span> weight=<span class="number">9</span>;</span><br><span class="line">    <span class="attribute">server</span> localhost:<span class="number">8081</span> weight=<span class="number">1</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<blockquote>
<p>那么<code>10</code>次一般只会有<code>1</code>次会访问到<code>8081</code>，而有<code>9</code>次会访问到<code>8080</code></p>
</blockquote>
<h4 id="7-7-3-ip-hash"><a href="#7-7-3-ip-hash" class="headerlink" title="7.7.3 ip_hash"></a>7.7.3 ip_hash</h4><blockquote>
<p>上面的2种方式都有一个问题，那就是下一个请求来的时候请求可能分发到另外一个服务器，当我们的程序不是无状态的时候（采用了<code>session</code>保存数据），这时候就有一个很大的很问题了，比如把登录信息保存到了<code>session</code>中，那么跳转到另外一台服务器的时候就需要重新登录了，所以很多时候我们需要一个客户只访问一个服务器，那么就需要用<code>iphash</code>了，<code>iphash</code>的每个请求按访问<code>ip</code>的<code>hash</code>结果分配，这样每个访客固定访问一个后端服务器，可以解决<code>session</code>的问题。</p>
</blockquote>
<figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="attribute">upstream</span> test &#123;</span><br><span class="line">    ip_hash;</span><br><span class="line">    <span class="attribute">server</span> localhost:<span class="number">8080</span>;</span><br><span class="line">    <span class="attribute">server</span> localhost:<span class="number">8081</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<h4 id="7-7-4-fair"><a href="#7-7-4-fair" class="headerlink" title="7.7.4 fair"></a>7.7.4 fair</h4><blockquote>
<p>这是个第三方模块，按后端服务器的响应时间来分配请求，响应时间短的优先分配。</p>
</blockquote>
<figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="attribute">upstream</span> backend &#123;</span><br><span class="line">    fair;</span><br><span class="line">    <span class="attribute">server</span> localhost:<span class="number">8080</span>;</span><br><span class="line">    <span class="attribute">server</span> localhost:<span class="number">8081</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<h4 id="7-7-5-url-hash"><a href="#7-7-5-url-hash" class="headerlink" title="7.7.5 url_hash"></a>7.7.5 url_hash</h4><blockquote>
<p>这是个第三方模块，按访问<code>url</code>的<code>hash</code>结果来分配请求，使每个<code>url</code>定向到同一个后端服务器，后端服务器为缓存时比较有效。 在<code>upstream</code>中加入<code>hash</code>语句，<code>server</code>语句中不能写入<code>weight</code>等其他的参数，<code>hash_method</code>是使用的<code>hash</code>算法</p>
</blockquote>
<figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="attribute">upstream</span> backend &#123;</span><br><span class="line">    <span class="attribute">hash</span> <span class="variable">$request_uri</span>;</span><br><span class="line">    <span class="attribute">hash_method</span> crc32;</span><br><span class="line">    <span class="attribute">server</span> localhost:<span class="number">8080</span>;</span><br><span class="line">    <span class="attribute">server</span> localhost:<span class="number">8081</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<blockquote>
<p>以上<code>5</code>种负载均衡各自适用不同情况下使用，所以可以根据实际情况选择使用哪种策略模式，不过<code>fair</code>和<code>url_hash</code>需要安装第三方模块才能使用</p>
</blockquote>
<p><strong>server指令可选参数：</strong></p>
<ol>
<li><code>weight</code>：设置一个服务器的访问权重，数值越高，收到的请求也越多；</li>
<li><code>fail_timeout</code>：在这个指定的时间内服务器必须提供响应，如果在这个时间内没有收到响应，那么服务器将会被标记为<code>down</code>状态；</li>
<li><code>max_fails</code>：设置在<code>fail_timeout</code>时间之内尝试对一个服务器连接的最大次数，如果超过这个次数，那么服务器将会被标记为<code>down</code>;</li>
<li><code>down</code>：标记一个服务器不再接受任何请求；</li>
<li><code>backup</code>：一旦其他服务器宕机，那么有该标记的机器将会接收请求。</li>
</ol>
<p><strong>keepalive指令：</strong></p>
<blockquote>
<p><code>Nginx</code>服务器将会为每一个<code>worker</code>进行保持同上游服务器的连接。</p>
</blockquote>
<h3 id="7-8-屏蔽ip"><a href="#7-8-屏蔽ip" class="headerlink" title="7.8 屏蔽ip"></a>7.8 屏蔽ip</h3><blockquote>
<p>在<code>nginx</code>的配置文件<code>nginx.conf</code>中加入如下配置，可以放到<code>http</code>, <code>server</code>, <code>location</code>, <code>limit_except</code>语句块，需要注意相对路径，本例当中<code>nginx.conf</code>，<code>blocksip.conf</code>在同一个目录中。</p>
</blockquote>
<figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="attribute">include</span> blockip.conf;</span><br></pre></td></tr></table></figure>
<blockquote>
<p>在<code>blockip.conf</code>里面输入内容，如：</p>
</blockquote>
<figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="attribute">deny</span> <span class="number">165.91.122.67</span>;</span><br><span class="line"></span><br><span class="line"><span class="attribute">deny</span> IP;   <span class="comment"># 屏蔽单个ip访问</span></span><br><span class="line"><span class="attribute">allow</span> IP;  <span class="comment"># 允许单个ip访问</span></span><br><span class="line"><span class="attribute">deny</span> all;  <span class="comment"># 屏蔽所有ip访问</span></span><br><span class="line"><span class="attribute">allow</span> all; <span class="comment"># 允许所有ip访问</span></span><br><span class="line"><span class="attribute">deny</span> <span class="number">123.0.0.0</span>/<span class="number">8</span>   <span class="comment"># 屏蔽整个段即从123.0.0.1到123.255.255.254访问的命令</span></span><br><span class="line">deny <span class="number">124.45.0.0</span>/<span class="number">16</span> <span class="comment"># 屏蔽IP段即从123.45.0.1到123.45.255.254访问的命令</span></span><br><span class="line">deny <span class="number">123.45.6.0</span>/<span class="number">24</span> <span class="comment"># 屏蔽IP段即从123.45.6.1到123.45.6.254访问的命令</span></span><br><span class="line"></span><br><span class="line"><span class="comment"># 如果你想实现这样的应用，除了几个IP外，其他全部拒绝</span></span><br><span class="line">allow <span class="number">1.1.1.1</span>; </span><br><span class="line"><span class="attribute">allow</span> <span class="number">1.1.1.2</span>;</span><br><span class="line"><span class="attribute">deny</span> all;</span><br></pre></td></tr></table></figure>
<h2 id="八、第三方模块安装方法"><a href="#八、第三方模块安装方法" class="headerlink" title="八、第三方模块安装方法"></a>八、第三方模块安装方法</h2><figure class="highlight plain"><table><tr><td class="code"><pre><span class="line">./configure --prefix=/你的安装目录  --add-module=/第三方模块目录</span><br></pre></td></tr></table></figure>
<h2 id="九、重定向"><a href="#九、重定向" class="headerlink" title="九、重定向"></a>九、重定向</h2><ul>
<li><code>permanent</code> 永久性重定向。请求日志中的状态码为301</li>
<li><code>redirect</code> 临时重定向。请求日志中的状态码为302</li>
</ul>
<h3 id="9-1-重定向整个网站"><a href="#9-1-重定向整个网站" class="headerlink" title="9.1 重定向整个网站"></a>9.1 重定向整个网站</h3><figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="section">server</span> &#123;</span><br><span class="line">    <span class="attribute">server_name</span> old-site.com</span><br><span class="line">    return <span class="number">301</span> <span class="variable">$scheme</span>://new-site.com<span class="variable">$request_uri</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<h3 id="9-2-重定向单页"><a href="#9-2-重定向单页" class="headerlink" title="9.2 重定向单页"></a>9.2 重定向单页</h3><figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="section">server</span> &#123;</span><br><span class="line">    <span class="attribute">location</span> = /oldpage.html &#123;</span><br><span class="line">        <span class="attribute">return</span> <span class="number">301</span> http://example.org/newpage.html;</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<h3 id="9-3-重定向整个子路径"><a href="#9-3-重定向整个子路径" class="headerlink" title="9.3 重定向整个子路径"></a>9.3 重定向整个子路径</h3><figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="attribute">location</span> /old-site &#123;</span><br><span class="line">    <span class="attribute">rewrite</span><span class="regexp"> ^/old-site/(.*)</span> http://example.org/new-site/<span class="variable">$1</span> <span class="literal">permanent</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<h2 id="十、性能"><a href="#十、性能" class="headerlink" title="十、性能"></a>十、性能</h2><h3 id="10-1-内容缓存"><a href="#10-1-内容缓存" class="headerlink" title="10.1 内容缓存"></a>10.1 内容缓存</h3><blockquote>
<p>允许浏览器基本上永久地缓存静态内容。 <code>Nginx</code>将为您设置<code>Expires</code>和<code>Cache-Control</code>头信息。</p>
</blockquote>
<figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="attribute">location</span> /static &#123;</span><br><span class="line">    <span class="attribute">root</span> /data;</span><br><span class="line">    <span class="attribute">expires</span> max;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<blockquote>
<p>如果要求浏览器永远不会缓存响应（例如用于跟踪请求），请使用<code>-1</code>。</p>
</blockquote>
<figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="attribute">location</span> = /empty.gif &#123;</span><br><span class="line">    empty_gif;</span><br><span class="line">    <span class="attribute">expires</span> -<span class="number">1</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<h3 id="10-2-Gzip压缩"><a href="#10-2-Gzip压缩" class="headerlink" title="10.2 Gzip压缩"></a>10.2 Gzip压缩</h3><figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="attribute">gzip</span>  <span class="literal">on</span>;</span><br><span class="line"><span class="attribute">gzip_buffers</span> <span class="number">16</span> <span class="number">8k</span>;</span><br><span class="line"><span class="attribute">gzip_comp_level</span> <span class="number">6</span>;</span><br><span class="line"><span class="attribute">gzip_http_version</span> <span class="number">1</span>.<span class="number">1</span>;</span><br><span class="line"><span class="attribute">gzip_min_length</span> <span class="number">256</span>;</span><br><span class="line"><span class="attribute">gzip_proxied</span> any;</span><br><span class="line"><span class="attribute">gzip_vary</span> <span class="literal">on</span>;</span><br><span class="line">gzip_types</span><br><span class="line">    text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml</span><br><span class="line">    text/javascript application/javascript application/x-javascript</span><br><span class="line">    text/x-json application/json application/x-web-app-manifest+json</span><br><span class="line">    text/css text/plain text/x-component</span><br><span class="line">    font/opentype application/x-font-ttf application/vnd.ms-fontobject</span><br><span class="line">    image/x-icon;</span><br><span class="line"><span class="attribute">gzip_disable</span>  <span class="string">"msie6"</span>;</span><br></pre></td></tr></table></figure>
<h3 id="10-3-打开文件缓存"><a href="#10-3-打开文件缓存" class="headerlink" title="10.3 打开文件缓存"></a>10.3 打开文件缓存</h3><figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="attribute">open_file_cache</span> max=<span class="number">1000</span> inactive=<span class="number">20s</span>;</span><br><span class="line"><span class="attribute">open_file_cache_valid</span> <span class="number">30s</span>;</span><br><span class="line"><span class="attribute">open_file_cache_min_uses</span> <span class="number">2</span>;</span><br><span class="line"><span class="attribute">open_file_cache_errors</span> <span class="literal">on</span>;</span><br></pre></td></tr></table></figure>
<h3 id="10-4-SSL缓存"><a href="#10-4-SSL缓存" class="headerlink" title="10.4 SSL缓存"></a>10.4 SSL缓存</h3><figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="attribute">ssl_session_cache</span> shared:SSL:<span class="number">10m</span>;</span><br><span class="line"><span class="attribute">ssl_session_timeout</span> <span class="number">10m</span>;</span><br></pre></td></tr></table></figure>
<h3 id="10-5-上游Keepalive"><a href="#10-5-上游Keepalive" class="headerlink" title="10.5 上游Keepalive"></a>10.5 上游Keepalive</h3><figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="attribute">upstream</span> backend &#123;</span><br><span class="line">    <span class="attribute">server</span> <span class="number">127.0.0.1:8080</span>;</span><br><span class="line">    <span class="attribute">keepalive</span> <span class="number">32</span>;</span><br><span class="line">&#125;</span><br><span class="line"><span class="section">server</span> &#123;</span><br><span class="line">    ...</span><br><span class="line">    <span class="attribute">location</span> /api/ &#123;</span><br><span class="line">        <span class="attribute">proxy_pass</span> http://backend;</span><br><span class="line">        <span class="attribute">proxy_http_version</span> <span class="number">1</span>.<span class="number">1</span>;</span><br><span class="line">        <span class="attribute">proxy_set_header</span> Connection <span class="string">""</span>;</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<h3 id="10-6-监控"><a href="#10-6-监控" class="headerlink" title="10.6 监控"></a>10.6 监控</h3><blockquote>
<p>使用<code>ngxtop</code>实时解析<code>nginx</code>访问日志，并且将处理结果输出到终端，功能类似于系统命令<code>top</code>。所有示例都读取<code>nginx</code>配置文件的访问日志位置和格式。如果要指定访问日志文件和<code>/</code>或日志格式，请使用<code>-f</code>和<code>-a</code>选项。</p>
</blockquote>
<p><strong>注意</strong>：在<code>nginx</code>配置中<code>/usr/local/nginx/conf/nginx.conf</code>日志文件必须是绝对路径。</p>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 安装 ngxtop</span></span><br><span class="line">pip install ngxtop</span><br><span class="line"></span><br><span class="line"><span class="comment"># 实时状态</span></span><br><span class="line">ngxtop</span><br><span class="line"><span class="comment"># 状态为404的前10个请求的路径：</span></span><br><span class="line">ngxtop top request_path --filter <span class="string">'status == 404'</span></span><br><span class="line"></span><br><span class="line"><span class="comment"># 发送总字节数最多的前10个请求</span></span><br><span class="line">ngxtop --order-by <span class="string">'avg(bytes_sent) * count'</span></span><br><span class="line"></span><br><span class="line"><span class="comment"># 排名前十位的IP，例如，谁攻击你最多</span></span><br><span class="line">ngxtop --group-by remote_addr</span><br><span class="line"></span><br><span class="line"><span class="comment"># 打印具有4xx或5xx状态的请求，以及status和http referer</span></span><br><span class="line">ngxtop -i <span class="string">'status &gt;= 400'</span> <span class="built_in">print</span> request status http_referer</span><br><span class="line"></span><br><span class="line"><span class="comment"># 由200个请求路径响应发送的平均正文字节以'foo'开始：</span></span><br><span class="line">ngxtop avg bytes_sent --filter <span class="string">'status == 200 and request_path.startswith("foo")'</span></span><br><span class="line"></span><br><span class="line"><span class="comment"># 使用“common”日志格式从远程机器分析apache访问日志</span></span><br><span class="line">ssh remote tail -f /var/<span class="built_in">log</span>/apache2/access.log | ngxtop -f common</span><br></pre></td></tr></table></figure>
<h2 id="十一、常见使用场景"><a href="#十一、常见使用场景" class="headerlink" title="十一、常见使用场景"></a>十一、常见使用场景</h2><h3 id="11-1-跨域问题"><a href="#11-1-跨域问题" class="headerlink" title="11.1 跨域问题"></a>11.1 跨域问题</h3><blockquote>
<p>在工作中，有时候会遇到一些接口不支持跨域，这时候可以简单的添加<code>add_headers</code>来支持<code>cors</code>跨域。配置如下：</p>
</blockquote>
<figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="section">server</span> &#123;</span><br><span class="line">  <span class="attribute">listen</span> <span class="number">80</span>;</span><br><span class="line">  <span class="attribute">server_name</span> api.xxx.com;</span><br><span class="line">    </span><br><span class="line">  <span class="attribute">add_header</span> <span class="string">'Access-Control-Allow-Origin'</span> <span class="string">'*'</span>;</span><br><span class="line">  <span class="attribute">add_header</span> <span class="string">'Access-Control-Allow-Credentials'</span> <span class="string">'true'</span>;</span><br><span class="line">  <span class="attribute">add_header</span> <span class="string">'Access-Control-Allow-Methods'</span> <span class="string">'GET,POST,HEAD'</span>;</span><br><span class="line"></span><br><span class="line">  <span class="attribute">location</span> / &#123;</span><br><span class="line">    <span class="attribute">proxy_pass</span> http://127.0.0.1:3000;</span><br><span class="line">    <span class="attribute">proxy_set_header</span> X-Real-IP <span class="variable">$remote_addr</span>;</span><br><span class="line">    <span class="attribute">proxy_set_header</span> X-Forwarded-For <span class="variable">$proxy_add_x_forwarded_for</span>;</span><br><span class="line">    <span class="attribute">proxy_set_header</span> Host  <span class="variable">$http_host</span>;    </span><br><span class="line">  &#125; </span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<blockquote>
<p>上面更改头信息，还有一种，使用 <a href="http://nginx.org/en/docs/http/ngx_http_rewrite_module.html" target="_blank" rel="noopener">rewrite</a> 指令重定向URI来解决跨域问题。</p>
</blockquote>
<figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="attribute">upstream</span> test &#123;</span><br><span class="line">  <span class="attribute">server</span> <span class="number">127.0.0.1:8080</span>;</span><br><span class="line">  <span class="attribute">server</span> localhost:<span class="number">8081</span>;</span><br><span class="line">&#125;</span><br><span class="line"><span class="section">server</span> &#123;</span><br><span class="line">  <span class="attribute">listen</span> <span class="number">80</span>;</span><br><span class="line">  <span class="attribute">server_name</span> api.xxx.com;</span><br><span class="line">  <span class="attribute">location</span> / &#123; </span><br><span class="line">    <span class="attribute">root</span>  html;                   <span class="comment">#去请求../html文件夹里的文件</span></span><br><span class="line">    <span class="attribute">index</span>  index.html index.htm;  <span class="comment">#首页响应地址</span></span><br><span class="line">  &#125;</span><br><span class="line">  <span class="comment"># 用于拦截请求，匹配任何以 /api/开头的地址，</span></span><br><span class="line">  <span class="comment"># 匹配符合以后，停止往下搜索正则。</span></span><br><span class="line">  <span class="attribute">location</span><span class="regexp"> ^~/api/</span>&#123; </span><br><span class="line">    <span class="comment"># 代表重写拦截进来的请求，并且只能对域名后边的除去传递的参数外的字符串起作用，</span></span><br><span class="line">    <span class="comment"># 例如www.a.com/proxy/api/msg?meth=1&amp;par=2重写，只对/proxy/api/msg重写。</span></span><br><span class="line">    <span class="comment"># rewrite后面的参数是一个简单的正则 ^/api/(.*)$，</span></span><br><span class="line">    <span class="comment"># $1代表正则中的第一个()，$2代表第二个()的值，以此类推。</span></span><br><span class="line">    <span class="attribute">rewrite</span><span class="regexp"> ^/api/(.*)$</span> /<span class="variable">$1</span> <span class="literal">break</span>;</span><br><span class="line">    </span><br><span class="line">    <span class="comment"># 把请求代理到其他主机 </span></span><br><span class="line">    <span class="comment"># 其中 http://www.b.com/ 写法和 http://www.b.com写法的区别如下</span></span><br><span class="line">    <span class="comment"># 如果你的请求地址是他 http://server/html/test.jsp</span></span><br><span class="line">    <span class="comment"># 配置一： http://www.b.com/ 后面有“/” </span></span><br><span class="line">    <span class="comment">#         将反向代理成 http://www.b.com/html/test.jsp 访问</span></span><br><span class="line">    <span class="comment"># 配置一： http://www.b.com 后面没有有“/” </span></span><br><span class="line">    <span class="comment">#         将反向代理成 http://www.b.com/test.jsp 访问</span></span><br><span class="line">    <span class="attribute">proxy_pass</span> http://test;</span><br><span class="line"></span><br><span class="line">    <span class="comment"># 如果 proxy_pass  URL 是 http://a.xx.com/platform/ 这种情况</span></span><br><span class="line">    <span class="comment"># proxy_cookie_path应该设置成 /platform/ / (注意两个斜杠之间有空格)。</span></span><br><span class="line">    <span class="attribute">proxy_cookie_path</span> /platfrom/ /;</span><br><span class="line"></span><br><span class="line">    <span class="comment"># http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_header</span></span><br><span class="line">    <span class="comment"># 设置 Cookie 头通过</span></span><br><span class="line">    <span class="attribute">proxy_pass_header</span> Set-Cookie;</span><br><span class="line">  &#125; </span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<h3 id="11-2-跳转到带www的域上面"><a href="#11-2-跳转到带www的域上面" class="headerlink" title="11.2 跳转到带www的域上面"></a>11.2 跳转到带www的域上面</h3><figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="section">server</span> &#123;</span><br><span class="line">    <span class="attribute">listen</span> <span class="number">80</span>;</span><br><span class="line">    <span class="comment"># 配置正常的带www的域名</span></span><br><span class="line">    <span class="attribute">server_name</span> www.wangchujiang.com;</span><br><span class="line">    <span class="attribute">root</span> /home/www/wabg/download;</span><br><span class="line">    <span class="attribute">location</span> / &#123;</span><br><span class="line">        <span class="attribute">try_files</span> <span class="variable">$uri</span> <span class="variable">$uri</span>/ /index.html =<span class="number">404</span>;</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br><span class="line"><span class="section">server</span> &#123;</span><br><span class="line">    <span class="comment"># 这个要放到下面，</span></span><br><span class="line">    <span class="comment"># 将不带www的 wangchujiang.com 永久性重定向到  https://www.wangchujiang.com</span></span><br><span class="line">    <span class="attribute">server_name</span> wangchujiang.com;</span><br><span class="line">    <span class="attribute">rewrite</span><span class="regexp"> ^(.*)</span> https://www.wangchujiang.com<span class="variable">$1</span> <span class="literal">permanent</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<h3 id="11-3-代理转发"><a href="#11-3-代理转发" class="headerlink" title="11.3 代理转发"></a>11.3 代理转发</h3><figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="attribute">upstream</span> server-api&#123;</span><br><span class="line">    <span class="comment"># api 代理服务地址</span></span><br><span class="line">    <span class="attribute">server</span> <span class="number">127.0.0.1:3110</span>;    </span><br><span class="line">&#125;</span><br><span class="line"><span class="attribute">upstream</span> server-resource&#123;</span><br><span class="line">    <span class="comment"># 静态资源 代理服务地址</span></span><br><span class="line">    <span class="attribute">server</span> <span class="number">127.0.0.1:3120</span>;</span><br><span class="line">&#125;</span><br><span class="line"><span class="section">server</span> &#123;</span><br><span class="line">    <span class="attribute">listen</span>       <span class="number">3111</span>;</span><br><span class="line">    <span class="attribute">server_name</span>  localhost;      <span class="comment"># 这里指定域名</span></span><br><span class="line">    <span class="attribute">root</span> /home/www/server-statics;</span><br><span class="line">    <span class="comment"># 匹配 api 路由的反向代理到API服务</span></span><br><span class="line">    <span class="attribute">location</span><span class="regexp"> ^~/api/</span> &#123;</span><br><span class="line">        <span class="attribute">rewrite</span><span class="regexp"> ^/(.*)$</span> /<span class="variable">$1</span> <span class="literal">break</span>;</span><br><span class="line">        <span class="attribute">proxy_pass</span> http://server-api;</span><br><span class="line">    &#125;</span><br><span class="line">    <span class="comment"># 假设这里验证码也在API服务中</span></span><br><span class="line">    <span class="attribute">location</span><span class="regexp"> ^~/captcha</span> &#123;</span><br><span class="line">        <span class="attribute">rewrite</span><span class="regexp"> ^/(.*)$</span> /<span class="variable">$1</span> <span class="literal">break</span>;</span><br><span class="line">        <span class="attribute">proxy_pass</span> http://server-api;</span><br><span class="line">    &#125;</span><br><span class="line">    <span class="comment"># 假设你的图片资源全部在另外一个服务上面</span></span><br><span class="line">    <span class="attribute">location</span><span class="regexp"> ^~/img/</span> &#123;</span><br><span class="line">        <span class="attribute">rewrite</span><span class="regexp"> ^/(.*)$</span> /<span class="variable">$1</span> <span class="literal">break</span>;</span><br><span class="line">        <span class="attribute">proxy_pass</span> http://server-resource;</span><br><span class="line">    &#125;</span><br><span class="line">    <span class="comment"># 路由在前端，后端没有真实路由，在路由不存在的 404状态的页面返回 /index.html</span></span><br><span class="line">    <span class="comment"># 这个方式使用场景，你在写React或者Vue项目的时候，没有真实路由</span></span><br><span class="line">    <span class="attribute">location</span> / &#123;</span><br><span class="line">        <span class="attribute">try_files</span> <span class="variable">$uri</span> <span class="variable">$uri</span>/ /index.html =<span class="number">404</span>;</span><br><span class="line">        <span class="comment">#                               ^ 空格很重要</span></span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<h3 id="11-4-代理转发连接替换"><a href="#11-4-代理转发连接替换" class="headerlink" title="11.4 代理转发连接替换"></a>11.4 代理转发连接替换</h3><figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="attribute">location</span><span class="regexp"> ^~/api/upload</span> &#123;</span><br><span class="line">    <span class="attribute">rewrite</span><span class="regexp"> ^/(.*)$</span> /wfs/v1/upload <span class="literal">break</span>;</span><br><span class="line">    <span class="attribute">proxy_pass</span> http://wfs-api;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<h3 id="11-5-ssl配置"><a href="#11-5-ssl配置" class="headerlink" title="11.5 ssl配置"></a>11.5 ssl配置</h3><blockquote>
<p>超文本传输安全协议（缩写：<code>HTTPS</code>，英语：Hypertext Transfer Protocol Secure）是超文本传输协议和SSL/TLS的组合，用以提供加密通讯及对网络服务器身份的鉴定。<code>HTTPS</code>连接经常被用于万维网上的交易支付和企业信息系统中敏感信息的传输。<code>HTTPS</code>不应与在<code>RFC 2660</code>中定义的安全超文本传输协议（S-HTTP）相混。HTTPS 目前已经是所有注重隐私和安全的网站的首选，随着技术的不断发展，<code>HTTPS</code> 网站已不再是大型网站的专利，所有普通的个人站长和博客均可以自己动手搭建一个安全的加密的网站。</p>
</blockquote>
<p>创建<code>SSL</code>证书，如果你购买的证书，就可以直接下载</p>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line">sudo mkdir /etc/nginx/ssl</span><br><span class="line"><span class="comment"># 创建了有效期100年，加密强度为RSA2048的SSL密钥key和X509证书文件。</span></span><br><span class="line">sudo openssl req -x509 -nodes -days 36500 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt</span><br><span class="line"><span class="comment"># 上面命令，会有下面需要填写内容</span></span><br><span class="line">Country Name (2 letter code) [AU]:US</span><br><span class="line">State or Province Name (full name) [Some-State]:New York</span><br><span class="line">Locality Name (eg, city) []:New York City</span><br><span class="line">Organization Name (eg, company) [Internet Widgits Pty Ltd]:Bouncy Castles, Inc.</span><br><span class="line">Organizational Unit Name (eg, section) []:Ministry of Water Slides</span><br><span class="line">Common Name (e.g. server FQDN or YOUR name) []:your_domain.com</span><br><span class="line">Email Address []:admin@your_domain.com</span><br></pre></td></tr></table></figure>
<p>创建自签证书</p>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line">首先，创建证书和私钥的目录</span><br><span class="line"><span class="comment"># mkdir -p /etc/nginx/cert</span></span><br><span class="line"><span class="comment"># cd /etc/nginx/cert</span></span><br><span class="line">创建服务器私钥，命令会让你输入一个口令：</span><br><span class="line"><span class="comment"># openssl genrsa -des3 -out nginx.key 2048</span></span><br><span class="line">创建签名请求的证书（CSR）：</span><br><span class="line"><span class="comment"># openssl req -new -key nginx.key -out nginx.csr</span></span><br><span class="line">在加载SSL支持的Nginx并使用上述私钥时除去必须的口令：</span><br><span class="line"><span class="comment"># cp nginx.key nginx.key.org</span></span><br><span class="line"><span class="comment"># openssl rsa -in nginx.key.org -out nginx.key</span></span><br><span class="line">最后标记证书使用上述私钥和CSR：</span><br><span class="line"><span class="comment"># openssl x509 -req -days 365 -in nginx.csr -signkey nginx.key -out nginx.crt</span></span><br></pre></td></tr></table></figure>
<p>查看目前<code>nginx</code>编译选项</p>
<figure class="highlight plain"><table><tr><td class="code"><pre><span class="line">sbin/nginx -V</span><br></pre></td></tr></table></figure>
<p>输出下面内容</p>
<figure class="highlight plain"><table><tr><td class="code"><pre><span class="line">nginx version: nginx/1.7.8</span><br><span class="line">built by gcc 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC)</span><br><span class="line">TLS SNI support enabled</span><br><span class="line">configure arguments: --prefix=/usr/local/nginx-1.7.8 --with-http_ssl_module --with-http_spdy_module --with-http_stub_status_module --with-pcre</span><br></pre></td></tr></table></figure>
<p>如果依赖的模块不存在，可以进入安装目录，输入下面命令重新编译安装。</p>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line">./configure --prefix=/usr/<span class="built_in">local</span>/nginx --with-http_stub_status_module --with-http_ssl_module</span><br></pre></td></tr></table></figure>
<p>运行完成之后还需要<code>make</code> (不用<code>make install</code>)</p>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 备份nginx的二进制文件</span></span><br><span class="line">cp -rf /usr/<span class="built_in">local</span>/nginx/sbin/nginx　 /usr/<span class="built_in">local</span>/nginx/sbin/nginx.bak</span><br><span class="line"><span class="comment"># 覆盖nginx的二进制文件</span></span><br><span class="line">cp -rf objs/nginx   /usr/<span class="built_in">local</span>/nginx/sbin/</span><br></pre></td></tr></table></figure>
<p><strong>HTTPS server</strong></p>
<figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="section">server</span> &#123;</span><br><span class="line">    <span class="attribute">listen</span>       <span class="number">443</span> ssl;</span><br><span class="line">    <span class="attribute">server_name</span>  localhost;</span><br><span class="line"></span><br><span class="line">    <span class="attribute">ssl_certificate</span> /etc/nginx/ssl/nginx.crt;</span><br><span class="line">    <span class="attribute">ssl_certificate_key</span> /etc/nginx/ssl/nginx.key;</span><br><span class="line">    <span class="comment"># 禁止在header中出现服务器版本，防止黑客利用版本漏洞攻击</span></span><br><span class="line">    <span class="attribute">server_tokens</span> <span class="literal">off</span>;</span><br><span class="line">    <span class="comment"># 设置ssl/tls会话缓存的类型和大小。如果设置了这个参数一般是shared，buildin可能会参数内存碎片，默认是none，和off差不多，停用缓存。如shared:SSL:10m表示我所有的nginx工作进程共享ssl会话缓存，官网介绍说1M可以存放约4000个sessions。 </span></span><br><span class="line">    <span class="attribute">ssl_session_cache</span>    shared:SSL:<span class="number">1m</span>; </span><br><span class="line"></span><br><span class="line">    <span class="comment"># 客户端可以重用会话缓存中ssl参数的过期时间，内网系统默认5分钟太短了，可以设成30m即30分钟甚至4h。</span></span><br><span class="line">    <span class="attribute">ssl_session_timeout</span>  <span class="number">5m</span>; </span><br><span class="line"></span><br><span class="line">    <span class="comment"># 选择加密套件，不同的浏览器所支持的套件（和顺序）可能会不同。</span></span><br><span class="line">    <span class="comment"># 这里指定的是OpenSSL库能够识别的写法，你可以通过 openssl -v cipher 'RC4:HIGH:!aNULL:!MD5'（后面是你所指定的套件加密算法） 来看所支持算法。</span></span><br><span class="line">    <span class="attribute">ssl_ciphers</span>  HIGH:!aNULL:!MD5;</span><br><span class="line"></span><br><span class="line">    <span class="comment"># 设置协商加密算法时，优先使用我们服务端的加密套件，而不是客户端浏览器的加密套件。</span></span><br><span class="line">    <span class="attribute">ssl_prefer_server_ciphers</span>  <span class="literal">on</span>;</span><br><span class="line"></span><br><span class="line">    <span class="attribute">location</span> / &#123;</span><br><span class="line">        <span class="attribute">root</span>   html;</span><br><span class="line">        <span class="attribute">index</span>  index.html index.htm;</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<h3 id="11-6-强制将http重定向到https"><a href="#11-6-强制将http重定向到https" class="headerlink" title="11.6 强制将http重定向到https"></a>11.6 强制将http重定向到https</h3><figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="section">server</span> &#123;</span><br><span class="line">    <span class="attribute">listen</span>       <span class="number">80</span>;</span><br><span class="line">    <span class="attribute">server_name</span>  example.com;</span><br><span class="line">    <span class="attribute">rewrite</span><span class="regexp"> ^</span> https://<span class="variable">$http_host</span><span class="variable">$request_uri</span>? <span class="literal">permanent</span>;    <span class="comment"># 强制将http重定向到https</span></span><br><span class="line">    <span class="comment"># 在错误页面和“服务器”响应头字段中启用或禁用发射nginx版本。 防止黑客利用版本漏洞攻击</span></span><br><span class="line">    <span class="attribute">server_tokens</span> <span class="literal">off</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<h3 id="11-7-两个虚拟主机"><a href="#11-7-两个虚拟主机" class="headerlink" title="11.7 两个虚拟主机"></a>11.7 两个虚拟主机</h3><blockquote>
<p>纯静态<code>-html</code>支持</p>
</blockquote>
<figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="section">http</span> &#123;</span><br><span class="line">    <span class="section">server</span> &#123;</span><br><span class="line">        <span class="attribute">listen</span>          <span class="number">80</span>;</span><br><span class="line">        <span class="attribute">server_name</span>     www.domain1.com;</span><br><span class="line">        <span class="attribute">access_log</span>      logs/domain1.access.log main;</span><br><span class="line">        <span class="attribute">location</span> / &#123;</span><br><span class="line">            <span class="attribute">index</span> index.html;</span><br><span class="line">            <span class="attribute">root</span>  /var/www/domain1.com/htdocs;</span><br><span class="line">        &#125;</span><br><span class="line">    &#125;</span><br><span class="line">    <span class="section">server</span> &#123;</span><br><span class="line">        <span class="attribute">listen</span>          <span class="number">80</span>;</span><br><span class="line">        <span class="attribute">server_name</span>     www.domain2.com;</span><br><span class="line">        <span class="attribute">access_log</span>      logs/domain2.access.log main;</span><br><span class="line">        <span class="attribute">location</span> / &#123;</span><br><span class="line">            <span class="attribute">index</span> index.html;</span><br><span class="line">            <span class="attribute">root</span>  /var/www/domain2.com/htdocs;</span><br><span class="line">        &#125;</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<h3 id="11-8-虚拟主机标准配置"><a href="#11-8-虚拟主机标准配置" class="headerlink" title="11.8 虚拟主机标准配置"></a>11.8 虚拟主机标准配置</h3><figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="section">http</span> &#123;</span><br><span class="line">  <span class="section">server</span> &#123;</span><br><span class="line">    <span class="attribute">listen</span>          <span class="number">80</span> default;</span><br><span class="line">    <span class="attribute">server_name</span>     _ *;</span><br><span class="line">    <span class="attribute">access_log</span>      logs/default.access.log main;</span><br><span class="line">    <span class="attribute">location</span> / &#123;</span><br><span class="line">       <span class="attribute">index</span> index.html;</span><br><span class="line">       <span class="attribute">root</span>  /var/www/default/htdocs;</span><br><span class="line">    &#125;</span><br><span class="line">  &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<h3 id="11-9-防盗链"><a href="#11-9-防盗链" class="headerlink" title="11.9 防盗链"></a>11.9 防盗链</h3><figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="attribute">location</span> <span class="regexp">~* \.(gif|jpg|png|swf|flv)$</span> &#123;</span><br><span class="line">   <span class="attribute">root</span> html</span><br><span class="line">   valid_referers <span class="literal">none</span> <span class="literal">blocked</span> <span class="regexp">*.nginxcn.com</span>;</span><br><span class="line">   <span class="attribute">if</span> (<span class="variable">$invalid_referer</span>) &#123;</span><br><span class="line">     <span class="attribute">rewrite</span><span class="regexp"> ^/</span> www.nginx.cn</span><br><span class="line">     <span class="comment">#return 404;</span></span><br><span class="line">   &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<h3 id="11-10虚拟目录配置"><a href="#11-10虚拟目录配置" class="headerlink" title="11.10虚拟目录配置"></a>11.10虚拟目录配置</h3><blockquote>
<p><code>alias</code>指定的目录是准确的，<code>root</code>是指定目录的上级目录，并且该上级目录要含有<code>location</code>指定名称的同名目录。</p>
</blockquote>
<figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="attribute">location</span> /img/ &#123;</span><br><span class="line">    <span class="attribute">alias</span> /var/www/image/;</span><br><span class="line">&#125;</span><br><span class="line"><span class="comment"># 访问/img/目录里面的文件时，ningx会自动去/var/www/image/目录找文件</span></span><br><span class="line"><span class="attribute">location</span> /img/ &#123;</span><br><span class="line">    <span class="attribute">root</span> /var/www/image;</span><br><span class="line">&#125;</span><br><span class="line"><span class="comment"># 访问/img/目录下的文件时，nginx会去/var/www/image/img/目录下找文件。]</span></span><br></pre></td></tr></table></figure>
<h3 id="11-11-防盗图配置"><a href="#11-11-防盗图配置" class="headerlink" title="11.11 防盗图配置"></a>11.11 防盗图配置</h3><figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="attribute">location</span> <span class="regexp">~ \/public\/(css|js|img)\/.*\.(js|css|gif|jpg|jpeg|png|bmp|swf)</span> &#123;</span><br><span class="line">    <span class="attribute">valid_referers</span> <span class="literal">none</span> <span class="literal">blocked</span> <span class="regexp">*.jslite.io</span>;</span><br><span class="line">    <span class="attribute">if</span> (<span class="variable">$invalid_referer</span>) &#123;</span><br><span class="line">        <span class="attribute">rewrite</span><span class="regexp"> ^/</span>  http://wangchujiang.com/piratesp.png;</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<h3 id="11-12-屏蔽-git等文件"><a href="#11-12-屏蔽-git等文件" class="headerlink" title="11.12 屏蔽.git等文件"></a>11.12 屏蔽.git等文件</h3><figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="attribute">location</span> <span class="regexp">~ (.git|.gitattributes|.gitignore|.svn)</span> &#123;</span><br><span class="line">    <span class="attribute">deny</span> all;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<h3 id="11-13-域名路径加不加需要都能正常访问"><a href="#11-13-域名路径加不加需要都能正常访问" class="headerlink" title="11.13 域名路径加不加需要都能正常访问"></a>11.13 域名路径加不加需要都能正常访问</h3><figure class="highlight bash"><table><tr><td class="code"><pre><span class="line">http://wangchujiang.com/api/index.php?a=1&amp;name=wcj</span><br><span class="line">                                  ^ 有后缀</span><br><span class="line"></span><br><span class="line">http://wangchujiang.com/api/index?a=1&amp;name=wcj</span><br><span class="line">                                 ^ 没有后缀</span><br></pre></td></tr></table></figure>
<blockquote>
<p><code>nginx rewrite</code>规则如下：</p>
</blockquote>
<figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="attribute">rewrite</span><span class="regexp"> ^/(.*)/$</span> /index.php?/<span class="variable">$1</span> <span class="literal">permanent</span>;</span><br><span class="line"><span class="attribute">if</span> (!-d <span class="variable">$request_filename</span>)&#123;</span><br><span class="line">        <span class="attribute">set</span> <span class="variable">$rule_1</span> <span class="number">1</span><span class="variable">$rule_1</span>;</span><br><span class="line">&#125;</span><br><span class="line"><span class="attribute">if</span> (!-f <span class="variable">$request_filename</span>)&#123;</span><br><span class="line">        <span class="attribute">set</span> <span class="variable">$rule_1</span> <span class="number">2</span><span class="variable">$rule_1</span>;</span><br><span class="line">&#125;</span><br><span class="line"><span class="attribute">if</span> (<span class="variable">$rule_1</span> = <span class="string">"21"</span>)&#123;</span><br><span class="line">        <span class="attribute">rewrite</span><span class="regexp"> ^/</span> /index.php <span class="literal">last</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<h2 id="十二、错误问题"><a href="#十二、错误问题" class="headerlink" title="十二、错误问题"></a>十二、错误问题</h2><figure class="highlight bash"><table><tr><td class="code"><pre><span class="line">The plain HTTP request was sent to HTTPS port</span><br></pre></td></tr></table></figure>
<blockquote>
<p>解决办法，<code>fastcgi_param HTTPS $https if_not_empty</code> 添加这条规则，</p>
</blockquote>
<figure class="highlight nginx"><table><tr><td class="code"><pre><span class="line"><span class="section">server</span> &#123;</span><br><span class="line">    <span class="attribute">listen</span> <span class="number">443</span> ssl; <span class="comment"># 注意这条规则</span></span><br><span class="line">    <span class="attribute">server_name</span>  my.domain.com;</span><br><span class="line">    </span><br><span class="line">    <span class="attribute">fastcgi_param</span> HTTPS <span class="variable">$https</span> if_not_empty;</span><br><span class="line">    <span class="attribute">fastcgi_param</span> HTTPS <span class="literal">on</span>;</span><br><span class="line"></span><br><span class="line">    <span class="attribute">ssl_certificate</span> /etc/ssl/certs/your.pem;</span><br><span class="line">    <span class="attribute">ssl_certificate_key</span> /etc/ssl/private/your.key;</span><br><span class="line"></span><br><span class="line">    <span class="attribute">location</span> / &#123;</span><br><span class="line">        <span class="comment"># Your config here...</span></span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<h2 id="十三、Nginx思维导图"><a href="#十三、Nginx思维导图" class="headerlink" title="十三、Nginx思维导图"></a>十三、Nginx思维导图</h2><p><img src="https://upload-images.jianshu.io/upload_images/1480597-f6a3fd62b01d77f1.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240" alt="nginx"></p>
<h2 id="十四、精品文章参考"><a href="#十四、精品文章参考" class="headerlink" title="十四、精品文章参考"></a>十四、精品文章参考</h2><ul>
<li><a href="https://my.oschina.net/u/3341316/blog/877206" target="_blank" rel="noopener">负载均衡原理的解析</a></li>
<li><a href="http://blog.githuber.cn/posts/73" target="_blank" rel="noopener">Nginx泛域名解析，实现多个二级域名 </a></li>
<li><a href="https://www.nginx.com/blog/inside-nginx-how-we-designed-for-performance-scale/" target="_blank" rel="noopener">深入 NGINX: 我们如何设计性能和扩展</a></li>
<li><a href="https://www.nginx.com/blog/inside-nginx-how-we-designed-for-performance-scale/" target="_blank" rel="noopener">Inside NGINX: How We Designed for Performance &amp; Scale</a></li>
<li><a href="http://tengine.taobao.org/book/index.html" target="_blank" rel="noopener">Nginx开发从入门到精通</a></li>
<li><a href="http://os.51cto.com/art/201703/535326.htm#topx" target="_blank" rel="noopener">Nginx的优化与防盗链</a></li>
<li><a href="https://segmentfault.com/a/1190000009769143" target="_blank" rel="noopener">实战开发一个Nginx扩展 (Nginx Module)</a></li>
<li><a href="https://my.oschina.net/xshuai/blog/917097" target="_blank" rel="noopener">Nginx+Keepalived(双机热备)搭建高可用负载均衡环境(HA)</a></li>
<li><a href="http://www.huxd.org/articles/2017/07/24/1500890692329.html" target="_blank" rel="noopener">Nginx 平滑升级</a></li>
<li><a href="https://mp.weixin.qq.com/s?__biz=MzIxNzg5ODE0OA==&amp;mid=2247483708&amp;idx=1&amp;sn=90b0b1dccd9c337922a0588245277666&amp;chksm=97f38cf7a08405e1928e0b46d923d630e529e7db8ac7ca2a91310a075986f8bcb2cee5b4953d#rd" target="_blank" rel="noopener">Nginx最新模块—ngx_http_mirror_module分析可以做版本发布前的预先验证，进行流量放大后的压测等等</a></li>
</ul>

      </div>
    
  </div>

</article>

<button class="assist-btn2 circle" id="assist_btn2" title="点亮屏幕" style="left: 27px; top: 152px;">
  <i class="iconfont" style="display:inline-block;color:red;width:20px;height:20px;">&#xe61d;</i>
</button>
<button class="assist-btn1 circle" id="assist_btn1" title="关闭屏幕亮度" style="left: 27px; top: 152px;">
  <i class="iconfont toc-title" style="display:inline-block;color:red;width:20px;height:20px;">&#xe61d;</i>
</button>


<script src="//cdn.bootcss.com/jquery/3.1.1/jquery.min.js"></script>	

<script src="https://my.openwrite.cn/js/readmore.js" type="text/javascript"></script>
<script>
  const btw = new BTWPlugin();
  btw.init({
    id: "container",
    blogId: "22699-1592137983091-414",
    name: "前端进阶之旅",
    qrcode: "https://poetries1.gitee.io/img-repo/2020/06/qrcode.jpg",
    keyword: "3a3b3c",
  });
</script>

<script type="text/javascript">

// white theme
var body = {color: "#555", background: "#000"};
var a_tag = {color: "#222"};
var header = { background: "#222"};
var logo_line_i = {background: "#222"};
// var post_code = {background: "#eee", color: "#222"};

function switch_theme() {
 $("body").css(body);
 $("a:not('.links-of-author-item a, .site-state-item a, .site-state-posts a, .feed-link a, .motion-element a, .post-tags a, .show-commit-cls a, #donate_board a')").css(a_tag);
 $(".header, .footer").css(header);
 $(".logo-line-before i, .logo-line-after i").css(logo_line_i);
 //$(".post code").css(post_code);
 $("#idhyt-surprise-ball #idhyt-surprise-ball-animation .drag").css(a_tag);
 $(".post-title-link, .posts-expand .post-meta, .post-comments-count, .disqus-comment-count, .post-category a, .post-nav-next a, .post-nav-item a").css(a_tag);
 
 // $("code").css({color: '#c5c8c6', background: '#1d1f21'});
 //$("#assist_btn1").hide(1500);
}

$(function () {
$("#assist_btn2").css("display","none");
 $("#assist_btn1").click(function() {
     switch_theme();
$("div#toc.toc-article").css({
 "background":"#eaeaea",
 "opacity":1
});
$(".toc-article ol").show();
$("#toc.toc-article .toc-title").css("color","#a98602");
$("#assist_btn1").css("display","none");
$("#assist_btn2").css("display","block");
 });
$("#assist_btn2").click(function() {
$("#assist_btn2").css("display","none");
$("#assist_btn1").css("display","block");
$("body").css("background","url(http://www.miaov.com/static/ie/images/news/bg.png)")
     $(".header, .footer").css("background","url(http://www.miaov.com/static/ie/images/news/bg.png)")
$(".toc-article ol").toggle(1000);
 });
});


//背景随机

var Y, O, E, L, B, C, T, z, N, S, A, I;
!function() {
var e = function() {
for (O.clearRect(0, 0, L, B), T = [{
x: 0,
y: .7 * B + C
}, {
x: 0,
y: .7 * B - C
}]; T[1].x < L + C;) t(T[0], T[1])
}, t = function(e, t) {
O.beginPath(), O.moveTo(e.x, e.y), O.lineTo(t.x, t.y);
var n = t.x + (2 * I() - .25) * C,
 r = a(t.y);
O.lineTo(n, r), O.closePath(), N -= S / -50, O.fillStyle = "#" + (127 * A(N) + 128 << 16 | 127 * A(N + S / 3) + 128 << 8 | 127 * A(N + S / 3 * 2) + 128).toString(16), O.fill(), T[0] = T[1], T[1] = {
 x: n,
 y: r
}
}, a = function n(e) {
var t = e + (2 * I() - 1.1) * C;
return t > B || t < 0 ? n(e) : t
};
Y = document.getElementById("evanyou"), O = Y.getContext("2d"), E = window.devicePixelRatio || 1, L = window.innerWidth, B = window.innerHeight, C = 90, z = Math, N = 0, S = 2 * z.PI, A = z.cos, I = z.random, Y.width = L * E, Y.height = B * E, O.scale(E, E), O.globalAlpha = .6, document.onclick = e, document.ontouchstart = e, e()
}()

   
$("#toc-eye").click(function(){
$("#toc.toc-article").toggle(1000);
});

</script>


   
  <div class="text-center donation">
    <div class="inner-donation">
      <span class="btn-donation">支持一下</span>
      <div class="donation-body">
        <div class="tip text-center">扫一扫，支持poetries</div>
        <ul>
        
          <li class="item">
            
              <span>微信扫一扫</span>
            
            <img src="/images/weixin.jpg" alt="">
          </li>
        
          <li class="item">
            
              <span>支付宝扫一扫</span>
            
            <img src="/images/zhifubao.jpg" alt="">
          </li>
        
        </ul>
      </div>
    </div>
  </div>


   
  <div class="box-prev-next clearfix">
    <a class="show pull-left" href="/2018/11/20/docker-summary/">
        <i class="icon icon-angle-left"></i>
    </a>
    <a class="show pull-right" href="/2018/11/20/react-fiber/">
        <i class="icon icon-angle-right"></i>
    </a>
  </div>




</div>


  <a id="backTop" class="back-top">
    <i class="icon-angle-up"></i>
  </a>




  <div class="modal" id="modal">
  <span id="cover" class="cover hide"></span>
  <div id="modal-dialog" class="modal-dialog hide-dialog">
    <div class="modal-header">
      <span id="close" class="btn-close">关闭</span>
    </div>
    <hr>
    <div class="modal-body">
      <ul class="list-toolbox">
        
          <li class="item-toolbox">
            <a
              class="CIRCLE"
              href="/archives/"
              rel="noopener noreferrer"
              target="_self"
              >
              博客
            </a>
          </li>
        
          <li class="item-toolbox">
            <a
              class="CIRCLE"
              href="/categories/"
              rel="noopener noreferrer"
              target="_self"
              >
              分类
            </a>
          </li>
        
          <li class="item-toolbox">
            <a
              class="CIRCLE"
              href="/tags/"
              rel="noopener noreferrer"
              target="_self"
              >
              标签
            </a>
          </li>
        
          <li class="item-toolbox">
            <a
              class="CIRCLE"
              href="/search/"
              rel="noopener noreferrer"
              target="_self"
              >
              搜索
            </a>
          </li>
        
          <li class="item-toolbox">
            <a
              class="CIRCLE"
              href="/link/"
              rel="noopener noreferrer"
              target="_self"
              >
              友链
            </a>
          </li>
        
          <li class="item-toolbox">
            <a
              class="CIRCLE"
              href="/about/"
              rel="noopener noreferrer"
              target="_self"
              >
              关于
            </a>
          </li>
        
      </ul>

    </div>
  </div>
</div>



  
      <div class="fexo-comments comments-post">
    

    

    
    

    

    
    

    

<!-- Gitalk评论插件通用代码 -->
<div id="gitalk-container"></div>

<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/gitalk@1/dist/gitalk.css">
<script src="https://cdn.jsdelivr.net/npm/gitalk@1/dist/gitalk.min.js"></script>
<script>
const gitalk = new Gitalk({
  clientID: '5567a2c4abb858009d96',
  clientSecret: 'b9039ec056cf5c2346b3cdb63308a28c163f91e5',
  repo: 'poetries.github.io',
  owner: 'poetries',
  // 在这里设置一下截取前50个字符串, 这是因为 github 对 label 的长度有了要求, 如果超过
  // 50个字符串则会报错.
  // id: location.pathname.split('/').pop().substring(0, 49),
  id: location.pathname,
  admin: ['poetries'],
  // facebook-like distraction free mode
  distractionFreeMode: false
})
gitalk.render('gitalk-container')
</script>
<!-- Gitalk代码结束 -->



  </div>

  

  <script type="text/javascript">
  function loadScript(url, callback) {
    var script = document.createElement('script')
    script.type = 'text/javascript';

    if (script.readyState) { //IE
      script.onreadystatechange = function() {
        if (script.readyState == 'loaded' ||
          script.readyState == 'complete') {
          script.onreadystatechange = null;
          callback();
        }
      };
    } else { //Others
      script.onload = function() {
        callback();
      };
    }

    script.src = url;
    document.getElementsByTagName('head')[0].appendChild(script);
  }

  window.onload = function() {
    loadScript('/js/bundle.js?235683', function() {
      // load success
    });
  }
</script>


  <!-- 页面点击小红心 -->
  <script type="text/javascript" src="/js/clicklove.js"></script>
 
  
</body>
</html>
